GDPR – It’s data protection, Jim, but not as we know it

Have you heard about GDPR? If you’re a business that deals with data in any way, shape or form, or you use suppliers that handle your data, you soon will – as you may be on the end of a rather hefty fine if you haven’t implemented it by May 2018.

So what is GDPR? GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The steadily increasing number and scale of cyber-attacks in recent years have prompted the EU to replace the outdated 1995 data protection directive with a vastly more detailed and wide ranging set of measures which all companies handling data need to abide by or risk heavy financial penalties.

Simple, right? No. The problem is that the GDPR is open to interpretation. It states, for example, that companies must provide a ‘reasonable’ level of protection for personal data but does not define what it considers ‘reasonable’, which is a troubling thought when fines of up to 4% of global turnover will be levied for GDPR breaches. It is also currently not possible to be officially GDPR certified, despite the GDPR governing body stating that all affected organisations must be compliant by 25th May 2018.

Techbuyer is ahead of the game

Techbuyer have been dealing with sensetive customer data ever since we wiped our first drive over a decade ago. Ten years later we are using industry-leading software from White Canyon and Blancco, the same software used by NASA and the US Department of Defense, as a measure of how seriously we take our customers’ data. We are also pleased to say that we are now pioneering the adoption of GDPR standards in the region and are ahead of schedule in our preparation for its implementation compared to other organisations, which is difficult when there is no official certification for it! Larger organisations are tending to work towards the ISO/IEC 27001 in order to be GDPR complaint, but this solution is not viable to the majority of organisations in the UK due to its cost and complexity.

At Techbuyer we have focused our energies on obtaining what we feel is the best alternative for an organisation of our size – attaining the IASME Governance Standard. The IASME standard was recently recognised as the best cyber security standard for small companies by the UK Government and includes the Cyber Essentials assessment within it as well as an assessment against the requirements of the GDPR. Many organisations have attained the Cyber Essentials standard, but at the time of writing only one company in Harrogate has attained IASME governance – Techbuyer. This is by no means an easy process. We weren’t just satisfied with gaining accreditation, we wanted to take all appropriate precautions and actions to ensure we treat data with the upmost care. A noble gesture you might think, but not a simple one – doing so equated to around 1,000 man hours, the equivalent of 2-3 people working solidly for three months on nothing but this, and a 196 page final application. As you can see, gaining this level of compliance isn’t simply a box ticking exercise!

How GDPR benefits our customers

As a result of our hard work and our dedication to protecting the data other people entrust to us, we are now IASME Governance Standard certified, which is about as qualified as it is possible to be for the implementation of GDPR at this time; in short, we’re finishing the first stage of the race when most organisations are wondering how to build the car. The upshot of this is that our customers can be 100% sure that their data is dealt with in the most secure way possible, and that they are dealing with an organisation that not only complies with regulations but exceeds them in both scale and speed.

In achieving the IASME Governance Standard, Techbuyer has made sure that adopting the guidance and following the advice of the GDPR is not just something we feel we have to do, but is instead a principle of how we do business, ingraining privacy into our processes and procedures.

Your data is incredibly valuable and it is therefore vital that the suppliers you partner with, be that Techbuyer or another company, treat it with the respect and appropriate protection it deserves, something that accreditations such as IASME can help you evaluate.