Like many organisations, Harrison Beale & Owen have been preparing for the forthcoming General Data Protection Regulations (GDPR) which come into force in the UK on 25th May 2018.
By engaging a local consultancy company, Risk Evolves, we commenced a project in October 2017 that included:
- Our Senior Manager engagement
- Staff training and awareness
- Information audit (what data is held and taken)
- Processing activities and the lawful basis agreed
- Data Privacy Impact Assessments
- A review of our third parties and their readiness for assessment
- Policy framework and governance
- Processes for Data Subject requests and Breach Incident response
We have chosen to adopt the Information Assurance for Small and Medium Enterprises (IASME) standard together with the optional module for GDPR Readiness.
The IASME framework includes certification to Cyber Essentials, the cyber security scheme recommended by the Government and the National Cyber Security Centre, which we first achieved in 2016. The IASME certification is aligned to ISO 27001, the internationally recognised standard for information security, but has been adapted to be appropriate for smaller organisations. The GDPR module of the certification includes a further 30 questions, developed by a group of solicitors, to assess readiness for the GDPR. More information on the IASME and GDPR framework can be found on the IASME website.
We plan to achieve certification to the IASME & GDPR by 31st March 2018.
We recognise that guidance on the new regulations continues to be issued by the Information Commissioner's Office. Working with our partners, we will continue to monitor this guidance and, if appropriate, implement any further recommendations made available prior to 25th May.