Are you preparing for the General Data Protection Regulation (GDPR)?

I suspect that, as with many pieces of legislation, it's going to take a couple of test cases to determine exactly what is and what isn't required of 'controllers' and 'processors'. Just hope none of them involve me :)
 
Just wondering if anyone is using any software tools or documentation toolkits for compliance? I've started testing SolarWinds Risk Intelligence to identify data floating around on laptops/desktops. Also, I'm testing BitLocker implementation and monitoring for laptops to make sure data in transit is encrypted.
 
With just over a month to go, how is everyone getting on with GDPR compliance? I’m in the same boat as a lot of other people, which is ‘working towards compliance’, which basically means seeing what the big players do and trying to copy their policies.
 
I had a few business customers ring me this week looking for help with this and I thought it might be a revenue stream. I've sat down tonight to read about it (yes I'm only starting now, I know, I know) and it is a confusing minefield!

Lots of websites, blogs etc on the topic, but all very vague, intentionally so I think so you will call them for help or buy their guides! Even the official stuff is confusing. You may or may not need a data protection officer, depending on company size, but what size? You need a privacy statement, but what is actually supposed to be in it? Arrrgghhh

Personally I think it has been blown out of all proportion, and a whole industry has sprung up surrounding it. One paper I saw today had nearly 3 pages of ads from firms offering their services in respect to GDPR. It actually reminds me of all the nonsense that surrounded the year 2000 and being prepared. The company I worked for at the time made quite a bit of money out of that rubbish.

The problem though this time is it's a legal requirement, although I think the DPA 1998 was too and no such fuss about compliance for that. In fact I have never heard one of my small business customers mention it.

Anyway @PBComputer if you find any of those elusive templates please share, or anyone else who has any advice it would be greatly appreciated.
 
At least the Data Protection Act has some reasonable get-out clauses. The GDPR has no usable exceptions, it seems to me. As @purdybread already mentioned, almost every reference starts off by referring the reader to your company's data protection officer. Well, that's me, as I'm everything else, too. To glibly say that compliance with the DPA means that the GDPR shouldn't be a problem is misleading at best, if not negligent (viz. @acs's link to ebuyer.com*).

I wrote a lot more, but I'm not sure that I should put it in an open forum.

*Edit to clarify: not a criticism of @acs, rather the contents of the ebuyer article.
 
I was just wandering around O365 and noticed they have a GDPR section. Those of you with O365 for Business should have access to that.

 
I run a fairly large forum (not IT related) and all members are UK-based. I'm considering my obligations if a member has used his real name as a username and asks me to remove all his posts. Obviously deleting all his posts would result in threads not making much sense if others have already made replies. Would I be correct in assuming that obfuscating his username would be sufficient? He wouldn't be uniquely identifiable just from the content of his posts.
 