Celerity recently sponsored The Public Sector Data & GDPR Summit, held at Victoria Park Plaza in London. The idea of the summit was to ignite debate and discussion on citizens’ rights, interdepartmental data sharing and security, and improving end-user experience and protection in the post-GDPR digital age. The day was a huge success, with over 260 delegates in attendance, including central government department heads, leaders from local government, NHS innovators and tech giants.
With many organisations still in their infancy within the GDPR process, the day itself was a great opportunity to review current activity, identify gaps and make improvements to business procedures.
Neil Hulme, Celerity’s Technical Delivery Manager, gave an informative presentation on Celerity’s GDPR service offerings comprising Data Mapping & Discovery, Data Custodian – Monitoring & Reporting, Managed Services & Backup as a Service (BaaS). Celerity Custodian Data Discovery & Mapping Services are helping organisations from all sectors to understand, manage and secure data information assets as they strive towards GDPR compliance.
Organisations should be asking themselves:
- What & how much data do we have? Where does it reside & is it protected?
- How are we controlling data growth & managing environment performance?
- Do we have a DR plan in place should things go wrong?
- Cost Control - how can we keep costs to a minimum without sacrificing service standards?
Typical questions asked of Celerity on the day, with the answers given, are below:
Q. What constitutes personal data?
A. Any information related to a natural person that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
Q. What can we do to ensure we stay in line with the GDPR?
A. The GDPR essentially wants improved visibility, control and understanding of how a business processes, stores and manages personal data. This predominantly concerns consent from the data subject and maintaining that consent for the duration that the information is held within your organisation. In doing so, your organisation needs to ensure every piece of data is accounted for.
Q. What do we need to be following to become compliant?
A. Article 5 of the EU GDPR states that personal data must be:
- Processed lawfully, fairly and in a transparent manner
- Collected only for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary
- Accurate and kept up to date
- Held only for the absolute time necessary and no longer
- Processed in a manner that ensures appropriate security of the personal data
Q. What additional security measures should we take?
A. There is no set security procedure that is generic across enterprises. As long as there is a system administered to prevent any unlawful attention to your data, it is secure. Disaster Recovery provides you with evidence that your data has been successfully replicated to the offsite data centre location and is secure, working towards compliance goals.
The GDPR applies to all companies worldwide that process personal data of European Union (EU) citizens. Regulators can impose administrative fines of up to €20m or 4% of total annual worldwide turnover, whichever is higher.
If you want to talk data and GDPR processes, please contact Celerity at email@example.com
Don’t delay... the countdown has begun...!