Written by Tim on 09 October 2019

So you’ve done all your research and reading, conducted your Privacy and Security Impact Assessment and taken steps towards compliance. The 25th May has come and gone, and the GDPR is here.

Now what?

Well, if you’ve prepared correctly, it should be business as usual. The companies that will survive post-GDPR are the ones that have approached the regulation as a business opportunity (rather than an ad-hoc exercise) with a long-term business strategy that’s:

  1. aligned with business goals; and
  2. focused on using compliance as a source of competitive advantage.

So how’s your business model looking? Are you equipped for ongoing GDPR compliance?

Privacy by design

You’ll have heard this phrase countless times on your journey towards GDPR compliance, and with good reason.

Privacy by design, according to the Information Commissioner’s Office, is ‘an approach to projects that promotes privacy and data protection compliance from the start.’ It should be the cornerstone of everything you do in your business, and be a key component in your business strategy and operating model. If you haven’t considered how you’ll integrate privacy by design into your operations, you’re not ready for life post-GDPR.

System monitoring

You can have all the high-tech snazzy security systems in the world, but if nobody’s watching them, they’re pretty much useless.

You need to give somebody the job of monitoring system reports (and the tools to do so) so that any suspicious behaviour is brought to your attention immediately, and any potential breaches thwarted in their tracks.

Alternatively, you can outsource this task. If your IT support company helped you on your journey towards GDPR compliance, they should be able to help you with ongoing monitoring as well.

Breach management

If you discover a data breach, you only have 72 hours to inform the relevant authorities about it. This means you need a data breach response plan.

You’ll need to implement a breach management and response plan, and assign somebody (or a team of people) responsibility for executing this plan in the event of a breach. Be sure to consider things like:

  • processes for identifying and containing a breach;
  • how you’ll record information on the breach;
  • a notification and communication plan;
  • how you’ll reflect on next steps and lessons learnt;
  • a plan for avoiding a similar breach in the future; and, most importantly
  • employee training.

Ongoing education

Again, all the security in the world won’t work if your people aren’t educated.

Human error is the single biggest risk to effective data protection. You should already be educating your staff as part of your journey towards GDPR compliance, but you need to make sure this training and education programme continues post-May 25.

Try to keep cybersecurity and data protection at the forefront of your employees’ minds, and update your training plan as cyber threats evolve over time. Make sure your team understands threats such as social engineering and phishing scams, and that they know how to handle, send and receive data lawfully.

Life after GDPR

The GDPR is a good thing. It protects your customers, it protects your suppliers, it protects your employees and it protects you. So welcome it with open arms, and work with it – not against it – for a safer, better protected business that stands you in good stead for growth and success.
