GDPR – General Data Protection Regulations
Compliance with the GDPR is not only a legal requirement; it can contribute significantly to keeping our information safe and deliver many of the following benefits to your organisation.
- Significantly reduced risk of reputational damage, legal penalties or lost business revenue resulting from loss of sensitive or Personally Identifiable Information (PII)
- Peace of mind assurance to our customers, staff, board members, suppliers and other interested parties that their data is secure
- A public demonstration that your organisation takes information security seriously
- Internal and external recognition of the quality of the information security controls in place
- Year-on-year improvement in the security of information assets as a result of the continuous improvement
- A strong move away from reactive fire-fighting towards proactive security incident reduction
- Better alignment of information security controls with the needs of the business and our customers through regular review meetings with interested parties
- Better perception and awareness of information security issues within the business, our customers and the internal IT user population
- An improved ability to manage information security breaches if they do occur, so reducing reputational damage and limiting business impact to us and our customers
General Data Protection Act – The Kaizen 10 Steps to Compliance
1. Ensure decision makers are aware of the GDPR requirements.
2. Document the personal data you hold.
4. Develop and implement your data management procedures.
5. Develop and implement subject access rights procedure.
6. Develop and review your consent management.
7. Develop and implement your procedures for verifying ages and verification for consent for data processing.
8. Develop and review your data breach procedures.
9. Become familiar with the ICO's code of practice on privacy impact assessment and the Article 29 Working Party.
10. Designate a Data Protection Officer to manage your GDPR compliance.
BS 10012 Personal Information Management
BS 10012 provides a best practice framework for a personal information management system that is aligned to the principles of the EU GDPR. It outlines the core requirements organisations need to consider when collecting, storing, processing, retaining or disposing of personal records related to individuals in line with GDPR.
Easily integrated with other popular management system standards, BS 10012 brings big benefits to companies of all sizes, including:
- Helps to identify and manage risks to personal information
- Supports regulatory compliance with data protection legislation
- Inspires customer trust
- Protects your organisation's reputation
Benchmark your own personal information management practices against recognised best practice and ensure your company is legal and your personal data is secure through the Kaizen GDPR compliance program.