How can I prepare for GDPR? This is a question small or medium sized businesses are reluctant to address, either not fully understanding the implications of non-compliance, or are at a loss as to where to begin.
Preparing for General Data Protection Regulation (GDPR) can’t begin soon enough, as tough business-breaking fines become enforceable in May 2018. It is a complex issue and whilst business owners will eventually need to understand it fully, it’s good to have a basic overview plus some pointers as to where to turn next.
At Midwich we've been working closely with our vendor partners and have had deep insight into the regulation along with visibility of tools and technology that are out there to help SMBs begin their journey towards compliance.
This blog is aimed at helping SMB's make a start with their initial steps as they prepare for GDPR.
In a nutshell, GDPR is all about the security and relevance of held data that can identify an individual. It’s more than simply a name, address and date of birth. It could be driving licence details held by HR teams, staff photos and images on CCTV to name but a few.
GDPR is in place to ensure that anyone holding personally identifiable data (PID) can prove consent, security and management of that data. It’s enforcing the rules that us as individuals would want to think existed to protect our own personal data, after
Because of this and of the advancement of much larger and worrying security attacks on businesses, although not the definitive list, here are the main questions GDPR needs data holders to ask themselves;
1 Right to access – can you find all the data you hold on an individual?
2 Retention periods – how long can you hold the data for?
3 Data erasure – the right of an individual to be forgotten (all trace removed)
4 Privacy by design – are you building in security steps from the outset?
5 Security – how many copies of your documents exist?
6 Consent – do you have consent to hold the data and how will you use it?
Don't forget, GDPR is not just about being compliant but proving safeguarding practices in a court of law - you need a water-tight audit trail too.
It is a detailed regulation and self-tutoring and investigation
Below are links to the official places to start from and some easy-to-implement first steps that pretty much most companies would benefit from.
If desks and filing cabinets are overflowing with paper and archive cabinets are stuffed full of information containing personally identifiable information (PID), not only will a paper-based business find it difficult to find and sort through data - it’s going to be very time-consuming too. What will they do with that data once they’ve found it?
Data management and processes to help towards GDPR compliance can start with
Once papers are scanned, they can be filed in a multitude of places, whether on a network, on the Cloud or locally-based PC files. Most document scanners have built-in software that will help with the filing and
For better data retrieval and action functionality, specific software is the way forward. Our scan vendor partners have been working with leading software providers in order to offer solutions which are specifically geared up to helping businesses with their GDPR preparation.
As anyone familiar with Fujitsu’s range will know, they are well placed to help a wide range of customers from SMBs and SOHO to Public Sector and large corporates, whether via compact desktop, slim portable devices or larger, departmental and production scanners. Fujitsu’s entry level ScanSnap range can quickly and intuitively scan to a multitude of destinations such as a cloud account or local folders. By digitising data it’s a start in the process
With a diverse range of scanners in place, Fujitsu wanted to explore further ways in which they could help customers manage their data and prepare for the May 2018 deadline.
As a result, they’ve partnered up with EASY Software UK whose sister company
EASY Software UK’s privacy management system software can provide the single source of the truth on personally identifiable data sources, helping catalogue and more importantly, action and update any data management processes necessary to keep customers compliant with GDPR. This software will be key to any organisation with large amounts of personal data to manage and in becoming more GDPR enabled with for example regular audit reports and handling of subject access requests from day one.
At Midwich we’re confident that the Fujitsu and EASY Software partnership offers one of the most comprehensive scanning and software combination available on the market and will be able to help many customers on their road to GDPR compliance.
Our scanning specialists are on hand to advise you on the best solutions, bespoke to your customers’ needs.
For more details on GDPR and this scanning/software solution available through Midwich, download our latest guide GDPR Guide.
Business Development Manager