General Data Protection Regulation
In May 2018 the landscape for data rights underwent a significant change that affected businesses worldwide that deal with any European citizen: the General Data Protection Regulation (GDPR) came into effect. In 2021 the landscape for the UK continued to evolve with the introduction of the UK GDPR.
This represents a further significant challenge to business, and it is only the beginning, as further worldwide legislation relating to electronic business (specifically e-commerce and electronic trade) is expected.
Addressing the concerns brought about by these changes to legislative rights can be challenging for any business. Many of those rights also have a fundamental bearing on how we secure electronic and physical data in our businesses. There are some very important questions that you should already be asking yourself:
- Do you know where your data is?
- Do you audit how it is collected, transmitted and archived?
- Do you follow the changing best practices for securing your data?
- Do you know how your data and systems are secured?
- Do you know how to find out what those best practices are?
Having a strategy to deal with the GDPR may be out of the reach of many organisations. Have you started to address the upcoming legislative changes and how they affect you?
Navigating the myriad of solutions may seem like a monumental task that will be impossible to complete. You need to act to make sure you are compliant with this legislation and to ensure your business processes are acceptable and affordable.
Shadowcat Systems has many years of experience in dealing with the access and storage of data. We write about changes in data rules and we can help your organisation move towards a better data strategy. We can help you to do a strategic analysis of your organisation and identify the steps you need to take to mitigate risk and observe legislative requirements.
Shadowcat doesn't offer a single solution or claim to make you any percentage compliant with legislation. In fact, the GDPR makes specific statements about what you have to do as individual organisations; there is no list of compliance, as that is determined by CoC authorities and NGO trade bodies.
At Shadowcat our mission isn't about insuring you against risk, but about evolving your organisation to observe best practice, which should make you compliant with legislation.
We believe companies are individual and that our best role is to help them implement a solution that matches their business.
There is no one true way; we treat your organisation as an individual, as that is how the legislation will see you.
Talk to us today and learn how you can move towards being compliant with the legislation that affects you.
All the current blog posts about the GDPR from the SC Team
GDPR and Small Organisations: Mark starts the discussion about the GDPR and small organisations like member organisations that are non-corporate.
GDPR and User Data Rights: The GDPR is an evolutionary rewrite of User Rights and you should be aware of what that means.
GDPR - A Quick Note on Consent: Mark takes a short side trek and discusses the broad subject of consent and the GDPR.
GDPR, Data and Software: Mark looks at the grey area of work and personal life and data access
GDPR, Data Processors: Mark looks at how the GDPR defines a data processor
GDPR and Cyber Essentials: What sort of thing should you be considering when you think of securing yourself?
GDPR and Data Management: How do we manage the data we collect, how do we find it?
GDPR - Information Governance: Mark looks at Encryption, Anonymisation, Data Storage and Access Rights as part of IG
GDPR, Data Controllers: Mark looks at how the GDPR defines a data controller
GDPR, Data Protection Officer: Mark answers the question, do I need to appoint a DPO?
A set of links to all the official online resources. These are all recommended by the ICO.
The GDPR and the Mailing List - what do I do?
Sometimes a big organisation can overlook the paperwork in their possession and not all the people making forms have had the training - Merlin Entertainments, you're out.
Clarifications to, and understanding what to do when receiving, the Subject Access Requests (SAR): Part One.
Clarifications to, and understanding what to do when receiving, the Subject Access Requests (SAR): Part Two.
Clarifications to, and understanding what to do when receiving, the Subject Access Requests (SAR): Part Three.
Clarifications to, and understanding what to do when receiving, the Subject Access Requests (SAR): Part Four.