CompTIA’s 2017 EMEA Member and Partner Conference, scheduled 17 and 18 October at etc.venues County Hall Riverside Building, London, will feature a session on the ICO's 12 steps to General Data Protection Regulation (GDPR) compliance, with advice and tools on how to make a great, practical start on the journey toward compliance. With the 25 May 2018 deadline fast approaching, the clock is ticking and there’s not much time to get up to speed. This session is designed to give you a great head start if you haven’t already started and to augment what you’ve already done if you have.
GDPR is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU.
I remember the first time I heard of GDPR. It started in a breakout session last year in Birmingham when the CompTIA UK Community audience asked questions about the new data privacy regulation. It was clear that people were uneasy and were looking for answers. Fast-forward a year and the appetite for information is incredible, and rightly so, as the fines are huge and this is the first time we are faced with a new data privacy regulation upgrade in 20 years.
So, there are about 20 million reasons why we should do everything we can to be compliant. GDPR is coming and we need to be ready – so how can we do that?
The first step would be to breathe and take some time to go through the 12 steps in preparation for 25 May. But you cannot rest on just the 12 steps. A good next step is to check the ICO guidance on what to expect and when.
Put time aside to do some good old research and fact-finding and create a solid plan. New things may spring up. The ICO says, “This is a living document and we are working to expand it in key areas.” Check out ICO news on what’s new to stay on top of things. There is also a self-assessment toolkit available.
But even when you’re prepared you have questions such as: “How can a full data destruction be auditable? What can and can’t I do with business cards I have received? Do I need a dedicated data protection officer?” Like many people, I was concerned about how reasonable and realistic some of the GDPR requirements are.
These and many more questions came up on a CompTIA GDPR webinar called “GDPR: Your Duty of Care to Your Customers.” Click here to listen to an interview with guest speaker Jim Sneddon addressing the audience’s pain points on GDPR.