A timely reminder from Advent IM Director, Julia McCarron.
Many times we hear clients say, “Yeah we are compliant with GDPR. We did the privacy notice, created a SAR process, trained our staff, re-did our data protection policy and stopped sending everyone emails until we get their consent. 25th May deadline was a doddle!”
Well aside from the fact that consent requirements were misinterpreted, all of this is great stuff but …. what have you done since? Do you know staff are complying with policy and following processes? Has the training stuck or have staff forgotten about it now. And aside from GDPR are your sure you are complying with all aspects of the Data Protection 2018 because they aren’t the same thing.
We have sensed that for many their data protection actions have now become shelfware, collecting dust until another major legislation or regulation change comes along … or worse a breach occurs. But if you do suffer a breach of any kind and have not shown any commitment to effective processes and continual improvement you could find yourself at the end of a heavy fine and damaged reputation.
The solution is simple. To ensure you maintain compliance, and your processes adapt to your evolving business, get us in once a year to review your practices and advise you on enhancements or improvements to processes.
Why? We are experts in information security and data protection so we know what we’re looking for. We have a proven track record in helping clients develop practical and compliant processes. Our independence gives added assurance to your Board. Its money well spent to protect your brand and exposure to fines.
- Posted by Ellie Hurst
- On 30th October 2018
- 0 Comments