What is GDPR, why should you care and how can AXELOS’ RESILIA™ best practice help you manage it? ITSM consultant and trainer Stuart Rance has addressed these critical questions in AXELOS’ “GDPR: Beyond Compliance” White Paper.
Handing over personal data to an organization is like lending your expensive sports car to a neighbour and trusting them to keep it safe and sound.
You’d want to know your neighbour respects and values your car, that it won’t fall into the wrong hands or be used the wrong way. In fact, you’d probably demand some guarantees before handing over the keys!
In today’s world, where organizations ask us repeatedly to disclose and share personal details online, we should have the same level of concern for our personal data – and so should organizations.
The analogy of borrowing a car and managing data is a great way to illustrate the issues every organization faces in handling personal data when the new EU-wide GDPR regulations come into force on 25 May 2018.
This means that sharing personal data with organizations is no longer just a trade-off for consumers to get access to better services; it compels companies in law to take real responsibility for obtaining permission, respecting individual privacy and protecting data.
Failure to meet the new GDPR regulations, or suffering a data breach, can lead to hefty sanctions including financial penalties of up to 4% of an organization’s worldwide turnover. The stakes are high, so it is vital that data protection procedures are robust.
A new downloadable guide – ‘GDPR: Beyond Compliance’ – from AXELOS shows how a strong cyber resilience strategy is integral to managing data protection.
The guide highlights how RESILIA Professional Certified training within organizations will give management and staff an understanding of the procedures or activities needed to meet the GDPR challenge, including:
- Identifying what personal data your organization holds, why and where it is
- Building in the concept of data privacy from the outset
- Creating common approaches to data governance
- Devising policies and ensuring compliance
- Risk management
- Being prepared for audits.
Under the new regulations, it is necessary for organizations to show there is a formal GDPR management system in place to protect the data. RESILIA’s practices for ITSM and information security procedures provide a template to produce these records when required.
RESILIA’s governance, risk and policy management guidance also provides a framework to meet GDPR compliance by identifying where staff training, especially from IT, legal or HR departments, is needed so that they all understand the importance of managing personal data.
GDPR also presents business opportunities. Knowing exactly what data you have, and where it is held, enables you to better understand your customers. The data can be used to develop and deliver more targeted goods and services and secure a vital competitive advantage.
So, no matter what personal data you hold, GDPR ensures that you protect it by having the right policies and procedures in place. It is just like when you hand over those car keys to your neighbours. They become the car’s custodian and you expect them to be responsible and keep it safe and secure.
Download AXELOS’ “GDPR: Beyond Compliance” White Paper.
GDPR: Beyond Compliance webinar
Listen to the audio of our webinar with Stuart Rance and Dan Cole, RESILIA Future Portfolio Lead, who discussed how utilizing the RESILIA Cyber Resilience Best Practice guidance and the RESILIA Professional certification can help you prepare for GDPR.
Register for the webinar details
Visit AXELOS.com/RESILIA to find out more information on RESILIA and the rest of the portfolio.
You can also request a live demonstration of our RESILIA Frontline cyber security awareness training by visiting AXELOS.com/resilia-frontline
Make your people your greatest defence against cyber-attacks today!