May 25th came and went and, despite all the portents of doom, the planet did not wobble out of orbit and head into the sun.
What was May 25th? GDPR day, in case you’ve forgotten all the activity to make sure that you were compliant and all those emails begging you to re-subscribe to newsletters. A lot of businesses, however, are still working on compliance and although many more businesses thought “that’s it” and “we’re done,” the initial process is only part of the story.
The task of maintaining GDPR compliance will be an ongoing business process, for ever more, as people join and leave, suppliers come and go, customers move on and a whole host of other activities occur that affect data and raise privacy issues.
So what were we doing while…?
We weren’t just leaving you to it: GDPR is for life (not just for Christmas!). Instead, we were busy developing—and have now launched—the Bristol IT Company Security Operations Portal, SecOps.
SecOps helps you record and manage your GDPR compliance. There are checklists, audit management, Data Protection Impact Assessments (DPIA), as well as templates for privacy policies, a secure area where you can upload your documents, and much more.
In fact, SecOps is everything you need to run your GDPR compliance tasks in one highly secure place: use the templates and checklists, keep the answers safe for audit purposes, and breathe a sigh of relief that you won’t have forgotten something really important that you might otherwise be fined for.
Keeping your website safe
When you become a SecOps user there is one other really useful function, a website security tool, which scans your site for malware.
This is not strictly just a GDPR thing, but it’s a vitally important weapon in the fight against cyber criminals, who try to hack websites of businesses large and small, in order to plant their malicious software in places that lots of internet users visit. They do this to steal money, and they don’t care about the damage to your business’ reputation or any fines you might have to pay when bad things happen to your clients (read more about the whys and wherefores of hacked websites in an earlier post on our blog).
If your clients normally transact with you on your website it’s a more serious matter still. In that case, keeping your website secure is a key part of your GDPR Information and Data Security management task:
GDPR includes a new requirement to notify. So, if your website does get hacked and personal information is stolen, you have a legal obligation to inform everybody whose data may be at risk and, in some cases, you must also promptly notify the Information Commissioner’s Office (ICO).
There might also be a serious fine for “allowing” hacking to happen—up to 4% of your turnover or €20m, whichever is the greater—so knowing that your website remains clear of infection is much more than just a good thing.
Smile! We’re on G-Cloud…
G-Cloud is the UK government’s digital marketplace, an online platform that makes it “simpler, clearer and faster” for local and national government departments, as well as local authorities, to find and procure cloud-based solutions for their organisations.
Bristol IT Company is pleased to announce that SecOps is now also available through the G-Cloud platform. So if yours is a public entity with access to G-Cloud, your GDPR compliance task just got easier still.