EasylifeIT™ Data Protection Audit

THE STORM HAS PASSED – RIGHT?

“GDPR – thank goodness that is over! I got fed up with e-mails asking for my consent and inviting me to read privacy notices.”
Relief seems to have been a common reaction to the arrival of the UK’s third generation of data protection laws. After months of media attention and a good deal of confusion, everything seemingly went quiet.

You could be forgiven for thinking the storm had passed. Time to start the clean-up operation and cleanse the inbox of all those GDPR related messages from May you never opened. It all blew over and nothing really happened. It was just like the Millennium Bug. Not quite…

THE BEGINNING, NOT THE END

The new Data Protection Act (DPA) 2018 sits alongside the GDPR (General Data Protection Regulation) and aims to ensure data protection laws are effective for years to come – both pre- and post-Brexit. From 25th May 2018, the Information Commissioner’s Office (ICO) has had the powers to enforce the legislation.

But thinking of that date as a deadline risks drawing the wrong conclusion. A deadline signifies a time by which something must be finished or submitted, whereas 25th May 2018 represents a beginning as much as an end. Whilst there had been two years for organisations to prepare for the changes, the task of identifying and addressing privacy and security risks did not finish there. Elizabeth Denham, the Information Commissioner, summed this up in a blog on 23rd May 2018 by saying: “we all know that effective data protection requires clear evidence of commitment and ongoing effort.”

https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2018/05/beyond-2018-data-protection-laws-built-to-last/ 

EVIDENCE OF EFFORT AND COMMITMENT

In the build-up to the GDPR ‘deadline’, there was a high-profile focus on the significant increase in the maximum level of fines available to supervisory authorities such as the ICO. However, whilst these sanctions are available, supervisory authorities are not required to impose fines. Indeed, Elizabeth Denham’s blog of 23rd May 2018 stated that: “this law is not about fines. It’s about putting the consumer and the citizen first.”

In making their assessment of appropriate action, the ICO must take into account a number of considerations. These include:

  • the intentional or negligent character of the infringement.
  • the degree of responsibility of the controller or processor taking into account technical and organisational security measures implemented by them.
  • the degree of cooperation with the supervisory authority, in order to remedy the infringement and mitigate the possible adverse effects of the infringement.

This helps to explain why the ICO will look for clear evidence of ongoing effort and commitment. Things can always go wrong, even in an organisation which is well prepared. However, demonstrable evidence that reasonable steps have been taken to reduce data privacy and security risk will be taken into consideration if the worst happens.

Therefore, building and maintaining evidence of good data protection practice is something all organisations are expected to be doing. This should have started before 25th May 2018. It definitely should not have stopped after that date.

EASYLIFEIT™ DATA PROTECTION AUDIT

EasylifeIT can help your organisation provide evidence of its effort and commitment by facilitating and documenting a personal data information audit.

The primary aim is to identify areas of the business that are likely to process personal data, and in particular any special categories of personal data (previously known as ‘sensitive’ personal data).

Areas to be assessed are typically:

  • Human Resources
  • IT / Operations (to determine the computerised systems in use and to assess the security and contingency measures in place)
  • Marketing / Commercial (particularly in terms of analysing how consent is obtained and managed)

To maximise the value of the audit, decision makers representing each of the company’s key data processing functions need to be involved in the process. EasylifeIT’s consultant will spend one day on-site working directly with those nominated decision makers.

DPA 2018 / GDPR requires organisations to document what personal data they hold, where it came from and with whom they share it. Specifically, EasylifeIT’s Data Protection Health Check will seek to identify the extent to which an organisation understands and has documented the following:

  • Names of databases / applications personal data is processed in. Although this is likely to focus on computerised systems, it would also cover paper based systems if applicable.
  • A description of the purpose for processing that personal data
  • Categories of personal data e.g. name, telephone number, address etc
  • Access from / to third parties e.g. contractors or organisations that process any of the data on behalf of the organisation
  • Hosting location / use of internal or external service providers, particularly if outside of the EU
  • Back-up locations, particularly if outside of the EU
  • Contact details of person in charge of the relationship which covers databases / applications
  • Method of data transfer if outside of EU i.e. appropriate safeguards such as contracts are in place if data is transferred outside of the EU
  • Consent – how the organisation is seeking, obtaining and recording consent
  • Safeguarding – the methods in use to protect against unauthorised or unlawful processing and against accidental or unlawful loss, destruction, alteration, unauthorised disclosure of or access to personal data
  • Policies and procedures covering data privacy and security

In addition, the ICO has also designed a basic tool set to help organisations assess their compliance with data protection law. It helps with understanding the key concepts companies must continue to embrace. These include: the new rights of individuals, handling subject access requests, consent, data breaches and designating a data protection officer.

https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/ 

As part of EasylifeIT’s Data Protection Health Check, our consultant will run through relevant questionnaires from this tool set with the company’s designated decision makers. This will provide another useful measure of the organisation’s current level of preparedness and the gap (if any) which needs to be closed. Analysis of this will be included in EasylifeIT’s report which will be provided as part of the Data Protection Health Check.

DELIVERABLES

A 2 day programme of work, comprising:

  • 1 day on-site working directly with the company’s nominated decision makers from pre-defined key functions
  • 1 day to analyse findings from the on-site data gathering and to produce and deliver a report of findings and recommendations

BENEFITS

  • A prioritised action plan designed to build and maintain evidence of commitment to good data privacy and security practice 

JAMES ALLISON

Strategic IT Consultant, EasylifeIT Norwich

James is an experienced and versatile business professional who has worked across multiple sectors. He provides complementary skills to executive teams, advising across a range of disciplines including IT strategy, business continuity planning and IT project management.

How to contact EasylifeIT™

  • Contacting EasylifeIT™ is easy. Call us on 0800 043 9186 (+44 1733 715930) if you would like to speak to one of our team. Alternatively, email us or complete our short enquiry form.