Five Essential Steps to GDPR Survival
By Eckhard Herych, Faculty Member of the CGOC
We are now less than a year away from the implementation of the European Commission’s General Data Protection Regulation (GDPR) on May 25, 2018, and the stakes for companies are high.
First, the GDPR “applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location”.
Second, non-compliant organizations can face devastating fines as high as four per cent of the annual global turnover or €20 million, whichever is higher. Third, preparing to meet the requirements of the GDPR cannot be done overnight simply by deploying security software, which, unfortunately, is where too many GDPR response discussions start.
The good news is that companies that begin now can make tremendous progress toward creating a data infrastructure that dramatically reduces the likelihood of GDPR non-compliance and that minimizes the financial impact even if something goes wrong. Here are the five key steps organizations must take to get ready.
Unify data management strategically
In the face of the GDPR, other evolving regulations, and advances in technology, data management and governance practices must be unified and auditable across all geographies and lines of business, and across on-premises, private cloud, public cloud, and hybrid infrastructures. The first step to achieving this is recognizing that every executive, manager and user has a stake in data management. C-level champions are essential, and CIOs, CDOs, and privacy officers must take the lead. This initiative must directly connect the data management, information security, legal and information governance teams, along with the lines of business.
Locate and understand the flow of all data
Stakeholders must work together to locate all data stores with collected information (such as customer data), created information (such as work product that might include customer data), and derived information (such as the results of analytics and machine learning that might include customer data).
They must understand the flow of information – the movement of data in business processes across multiple stakeholders (such as corporate counsel, strategic partners, etc.) and systems (such as legacy systems, cloud service providers, PCs, BYODs, etc.). Data mapping is an essential tool to create a visual depiction of how personal information flows across systems and devices as part of business processes. The map can include an overlay of GDPR requirements. In fact, the careful analysis of data flows in business processes is an essential component in our GDPR readiness assessment activities to ensure that our clients gain a sound understanding of their information landscape.
Evaluate all data
Only with the ongoing efforts of the first two steps can stakeholders evaluate the purpose or use of data and the regulatory obligations associated with it. Business users need to understand the value of the information they use to the organization. This is essential to helping all the key stakeholders (CIO, CDO, Privacy Officer, Legal, and InfoGov) assess:
· What information is subject to GDPR?
· If data must be preserved, for how long? Is there a conflict between preservation requirements and GDPR requirements? If so, how will it be resolved?
· Is some data of “Legitimate Interest” to the organization for possible exemption from certain GDPR requirements (for example, GDPR Article 6 Lawfulness of processing)?
· Has consent been obtained for the intended use of the information (GDPR provides clear requirements and conditions to gain and establish consent)?
Dispose of all disposable data
Now that value has been assessed, it is possible to get rid of all data that has no business, legal or regulatory value, as well as all data that must be deleted to comply with the GDPR. In addition, now that IT knows where all the data is located, it is possible to ensure the proper deletion of all relevant data. This is critical to minimizing the impact of breaches and GDPR non-compliance. Moving forward, the deletion of obsolete data must become an integral part of operations to ensure that companies dispose of records or data in a controlled, legally defensible fashion.
Protect what’s left
This is where most GDPR preparation discussions start, but only after following the first four steps is it actually possible to:
· Properly track the collection and movement of data
· Effectively control access to sensitive and private data
· Knowledgeably employ the most appropriate vendor security solutions, such as firewall, anti-virus, anti-phishing, etc.
· Automate disposal
· Provide employee training on data protection and privacy that has a chance of being effective
· Prepare for crisis management
· Establish processes and procedures to enable the organization to react to inquiries by authorities or individuals within the time frames defined in the GDPR
The inevitable GDPR time bomb is going off soon, and doing nothing to prepare for it beyond some new security measures and training is a recipe for costly data disasters. A real preparation effort will take time, and the sooner you start on this iterative journey, the better the position your organization will be in to avoid GDPR penalties or at least minimize their impact.
Microtechs 24/7/365 White label Technical Helpdesk
In today's world, a rock-solid IT infrastructure is key to every successful business. At Microtechs we have the experience and resources to ensure your company has the support it needs 24 hours a day, 7 days a week, 365 days a year. We are able to provide an immediate response from our state-of-the-art Technical Operations Centre, which is based in the heart of Surrey.
With our rapidly expanding team, all specifically trained, working 24/7/365, we are able to provide excellent customer service and technical support. All of our services are available completely white labelled, ensuring a seamless extension to your company.
Through our services you are able to extend your hours to 24/7 or simply use us as an overflow assistant during office hours. This is all tailored to your business needs.
How does outsourcing your helpdesk benefit your business?
1. It reduces your staffing costs. Why hire another member of staff, if you can outsource all of your calls for less? We are normally between 25-50% cheaper than an in-house option.
2. It expands your opening hours. We have a technical operations centre which is open 24/7/365.
3. It will improve your customer experience. Are you taking multiple calls from clients, but can’t get back to them as quickly as you would like? Well, now you have a team of 30 staff taking your support calls for you. Have an important meeting? No problem, your helpdesk has your back.
We work with over 60 IT & Telecoms Businesses who trust us to deal day to day with their clients.
Feel free to call our friendly solutions team, who will be happy to discuss further and help tailor a solution to you.
Call us now on 01483 407417