A Practical Guide To GDPR - Apex Computing

Written by Daniel Shone | May 10, 2018 11:00:00 PM

A Practical Guide To GDPR

There is a lot of information, and many beginner's guides, available on GDPR. This is a visual interpretation of what we feel are the key aspects our customers need to be aware of: a condensed overview of GDPR's main points. It highlights that although some items are IT related, a large proportion of compliance concerns how data is handled and how internal processes are run. We recommend that all customers seek legal advice.

From a layman's perspective, we have identified things to do. They are split into Internal things to do, which you can do yourself, and External things to do, which you can have done for you to make your systems and networks safer.

Internal Things to do:

- Data Risk Analysis
- Identify and record your data flows
- Appoint a Data Protection Officer
- Staff training for Cyber Awareness
- Write Data Protection Policies for your website
- Subject Access Request Procedure
- Know who to contact when a data breach occurs
- Central place of record: time and date of breaches

External Things to do:

- Security Audit
- Penetration Test (Internal and External)
- Two-Factor Authentication
- Encryption on Devices (Desktop and Portable)
- Get Cyber Essentials (Basic or Plus)
- GCHQ Board Level Training
- GDPR Health Check Assessment