We ran our GDPR Readiness Forum on the 15th March; below is a summary of the forum and key findings.

 

With only 60 weeks until the introduction of the GDPR, Charterhouse hosted this forum with the aim of helping financial and legal businesses understand how the GDPR could affect their business. The forum also looked at how technology was evolving to support the requirements generated by the GDPR’s introduction. To effectively deliver this information, we had expert speakers from law, market research, technology and security backgrounds alongside a business decision maker currently tackling the impending introduction of the GDPR.

 

Bird & Bird’s, Elizabeth Upton, provided an overview of what the GDPR is and how businesses should prepare. CCS Insight’s, Nick McQuire shared research on how the GDPR will support and nurture best practice workforce mobility. BlackBerry and Android then reviewed some of the technological developments that will help businesses remain compliant whilst maintaining modern working practices (flexible working and the use of multiple devices).

Some interesting facts from the day

Only 47% of IT professionals in the U.K are ‘fully aware’ of the GDPR so many people still need guidance.

 

The GDPR’s 72 hour deadline for reporting a data breach is in stark contrast to the 180 days it currently takes companies.

 

Businesses can face a fine of up to 4 of global turnover. Businesses must define accountability and responsibility around people and procedures for handling data.

 

All experts on the day recommended that every business run bespoke assessments on how they’ll be impacted and what this means for their current processes and technologies used.

Getting Ready for the GDPR

Project preparation is key; identifying high level impacts and key stakeholders required is critical. Senior support is required to secure a budget and build a project team capable of ensuring your business successfully prepares for the GDPR.

 

Getting your business ready involves stakeholder workshops and information gathering; what types of data are stored, where are they stored, who has access to them, are there any high risk areas? A readiness report should be documented and shared. Technologies should be identified that will help secure data and processes.

 

Implementation of plans involves appointing responsibility and accountability to key stakeholders. Records of data processing must be kept, supplier engagement will be crucial and all technology roll-outs should be planned meticulously.

GDPR Readiness Workshops

We will be running further events over the coming 18 months to help other businesses prepare for the GDPR. We’re also running free GDPR Readiness Workshops which many companies have signed up for; these involve understanding your bespoke data requirements and identifying ways in which you could avoid major fines courtesy of the GDPR. A Minimum of 2 GDPR experts attend these workshops and it’s recommended that Compliance, Risk, IT and technology stakeholders are all involved.