5 steps to success for GDPR


Actions speak louder than words, and the same can be said for GDPR. It’s not enough to simply say that you’re compliant with the Data Protection Act updates. The challenges are about showing that you’re compliant and that you are able to manage it on an ongoing basis.

We’ve put together a simple approach to GDPR that will allow you to easily demonstrate that you can be trusted and are on the path to GDPR success.

Your GDPR preparations

We have boiled this down into 2 areas – the checklist from the Information Commissioner’s Office (ICO) and the way you plan to evidence your responses.

The ICO’s data protection self-assessment is a set of 7 checklists which ask you 120 questions about how you currently manage personal data. They cover questions for data controllers and processors, information security, direct marketing, records management, data sharing and subject access, and CCTV.

Once you have completed this self-assessment, it’s important to pause and prioritise the work required, as well as look at your budget and the resources you have. Your priority will be based on the biggest and most obvious threats and/or issues you have e.g. powerful stakeholder demands.

You will then want to think about how you are going to answer and evidence the 120 questions in the GDPR self-assessment. We suggest breaking these down into 8 areas where work needs to get done, covering both the initial implementation and the ongoing effort to sustain and improve it in future.


1) Information (and processing assets) you hold

2) Risks: Confidentiality, Integrity, Availability

  • Identification & evaluation
  • Ongoing management including the demonstration of policies and controls in place and regular review of risks

3) Policies and Controls Management

  • Individuals' rights and privacy policies & controls based on the risks
  • Information security policies & controls based on the risks
  • Aligning of policies and controls to recognised standards, certifications and regulations frameworks (where required to meet stakeholder expectations)
  • Regular reviews and demonstrating those have taken place

4) Assessments and Requests to ensure privacy and security by design

5) Incidents and BCP

6) Staff

7) Supply Chain

  • Communications & awareness around privacy and information security – planned and as needs arise
  • Dynamic & continuous compliance as the organisation changes its policies, controls and practices
  • Contracts, contacts and relationship management
  • Beyond suppliers into go-to-market partners and others with access to personal data

8) Whole System Coordination and Assurance

  • Reporting and monitoring
  • Audits and reviews management
  • Visibility of progress and status at all times

Implementing your GDPR work – from the top down

Step 1

Capture and document the information you hold in accordance with the records processing requirement, from both the controller and processor role perspective.

Step 2

Assess risks and identify potential ways of protecting information and ensuring individuals' rights to privacy are in place.

Step 3

Describe the policies and controls along with other safeguards. You can use the ICO checklist again here as it’s a great way of seeing where they expect you to be covered.

Step 4

Demonstrate that this works in practice: your operational data processing systems, staff, supply chain and other interested parties must all be able to show understanding and compliance.

Step 5

Monitor, review, audit and improve the whole system over time to deliver the commitment to privacy and information security that the ICO is expecting.

Go back and review all of the ICO checklist questions and best practice guidance. This will give you a basis to demonstrate that you have considered each area of the GDPR.


Approaching GDPR using ISMS.online

We’ve created the following video for our customers that details how you can use the ISMS.online platform to create a quick gap analysis, follow the ICO steps to achieving GDPR compliance, and successfully manage it for the years to come.
