GDPR – Understanding what’s expected!

As I’m sure you’re well aware by now, May 25^th sees the implementation of the General Data Protection Regulation (or GDPR for short). This will be the new term used for the storing, processing and management of personal data. Basically, DPA and confidentiality processes have a new broader term to ensure all data is withheld in the most secure ways possible. GDPR is a vital update on what you currently do. We are assuming that what you currently do is best practice and of course abides by current DPA law.

I know what you’re thinking ‘we always operate confidentially – what’s new?’

What’s new are the heightened processes every organisation must undergo when handling data. With GDPR, there are more serious consequences if you are found to be using data incorrectly. With the majority of our subscribed clients on our various platforms, they all handle customer and/or public data in some form or another. It’s vital to understand the key points to this national legislation change and ensure this is adhered to fully.

Some of the key aspects your company must focus on is ensuring that all data is identified and assessed in line with new and specific protocols. Processes are structured, data is mapped and constantly improved upon, as well as being stored electronically and in traditional filing systems.

With implementing data governance best practices, you’ll not only comply with the GDPR but you’ll now be able to create more business value with confidence. This will ensure success when contracting with future parties.

We have now found many public and private tenders are increasingly asking suppliers if they are GDPR compliant via the multiple processes above.

Such questions have become apparent in a recent public tender within the creative sector (for e.g.):

• Please confirm that you are GDPR compliant (detail relevant technical & organisational security measures)?
• Are you maintaining Data Processing Records?
• Do your standard contract terms include the new GDPR mandatory provisions?
• Do you have a documented Breach Notification Process? Etc.

To maximise your scores, you would need to answer more than a simple YES!

Please see ICO’s brochure which provides further helpful information on preparing for and applying GDPR principles in your organisation[s].

We encourage all clients to take this information provided. Mainly to ensure any future tendering efforts aren’t spread thin merely by the lack of compliance against GDPR. Going forward, it is becoming quite clear that GDPR may soon become part of the normal questions asked in PQQs and ITTs.

Over the next few months, we will be analysing common requirements (as above) that are starting to come into effect with the changes and updates that GDPR will pose. Watch this space and remember to take a look at the brochure attached to begin what is needed for you to excel with upcoming tenders.

We’re here to help you grow, develop and standout!