How Small Irish Businesses Avoid the GDPR Sting

Accountants providing chartered accounting services and tax advice are alerting smaller Irish companies to the consequences of the pending General Data Protection Regulation (GDPR). They believe these are going to feel the most pain come 25 May 2018, if they do not implement GDPR by then. We are trying our best to help avoid this situation by providing advice.

How to Kick the GDPR Ball into Play

The Irish Information Commissioner?s Office has produced a toolkit regarding where?s best to start. They suggest beginning with an information security assessment to determine the gaps companies need to close. Once quantified, this leads naturally to a plan of action, and resources needed to fulfil it. Here?s how to go about it:

1. Start by assessing your current ability to identify, assess, and manage threats to customer data security. Have you done anything at all to date? You must be holding some customer information surely, and it is highly likely the GDPR applies to you.

2. Next, review your company?s current customer data security policies. Are they documented and approved, or do new employees discover them sitting next to Nellie? Rate yourself on a scale where ten is successful implementation.

3. Now consider how well you have pinned responsibilities on individuals to implement policies and take the lead on GDPR. The latter should be the business owner, or a board member with clout to make things happen.

4. By now, you should have a grasp of the scale of work ahead of you, remembering the EU deadline is 25 May 2018. If this sounds overwhelming, consider outsourcing to your accountant or a specialist provider.

5. Under the General Data Protection Regulation you have only 72 hours to report a breach of customer data security to the Information Commissioner?s Office. Do you have a quality assurance mechanism to oversee this?

Tangible Things to Bring Your Own People on Board

With all the changes going on, there is a risk of your employees regarding GDPR as ?another management idea going nowhere.? Thus, it is important to incorporate the new EU regulations in staff training, particularly with regard to data security generally. They may fully come on board only once they see tangible signs of progress. You should in any case put the following measures in place unless you already have them:

1. A secure area for your servers and for any paperwork your customers provided. This implies access control on a need-to-know basis to protect the information against loss, damage, and theft.

2. A protocol for storage media and record disposal when you no longer require them or something supersedes them. You are the custodian of other people?s information and they deserve nothing less.

3. Procedures to secure customer data on employee mobile devices and computers: This must extend to work done at home, at consultant sites, and by remote workers.

4. Secure configuration of all existing and new hardware to minimise vulnerability and storage media crashes. These quality assurance measures should extend to removable media and remote backups.

So Is This the Worst of the Pain?

We are at the heart of the matter, although there is more to tell in future articles. You may be almost there, if you already protect your proprietary information. If not, you may have key company information already open to malware.We should welcome the EU General Data Protection Regulation as a notice that it is time to face up to the challenges of data protection and security generally. The age of hacking and malware is upon us. The offender could be a disgruntled employee, or your competition just down the street. It is time to take precautions.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Is the GDPR Good or Bad News for Business

The European Union?s General Data Protection Act (GDPR) is a new data authority coming into force on 25 May 2018. It replaces the current Data Protection Directive 95/46/EC, while extending the remit to include the export of personal data outside the EU. It aims to give EU citizens and residents living there more control over their personal information. It also hopes to make regulatory compliance simpler for participating businesses.

The Broad Implications for Business
The GDPR puts another layer of accountability on businesses falling within its remit. It requires them to implement ?comprehensive but proportionate governance measures? including recording how they make decisions. The long-term goal is to reduce privacy infringements. In the short run, businesses without good governance may find themselves writing new policies and procedures.

Article 5 of the European Union?s General Data Protection Act lays down the following guidelines for managing personal data. This shall be ?
? Processed transparently, fairly, and lawfully
? Acquired for specific, legitimate purposes only
? Adequate, relevant and limited to essentials
? Not used for any other, incompatible purpose
? However it may be archived in the public interest
? Kept up to date with all inaccuracies corrected
? Ring-fenced when the information becomes irrelevant
? Adequately protected against unauthorised access
? Stored in a way that prevents accidental loss
Furthermore, affected businesses shall appoint a ?controller responsible for, and able to demonstrate, compliance with the principles.?

Implementing Accountability and Governance
The UK Information Commissioner?s Office has issued guidelines regarding provisions to assure governance and accountability. These are along the lines of the ?don’t tell me, show me? management approach the office has generally been following. In summary form, a business, and its controller must:
? Implement measures that assist it to ensure demonstrated compliance
? Maintain suitable, relevant records of personal data processing activities
? Appoint a dedicated data protection officer if scale makes this appropriate
? Implement technologies that ensure data protection by design
? Conduct data protection assessments and respond to results timeously

Implementing the General Data Protection Act in Ireland
The Irish Data Protection Commissioner has decided it is unnecessary to incorporate the GDPR into Irish law, since EU regulations have direct effect. The office of the Commissioner is working in tandem with data practitioners, and industry and professional bodies to raise awareness in business through 2017. It has produced a document detailing what it considers the essentials for business compliance. Briefly, these pre-requisites are:
? Ensure awareness among key personnel, and make sure they incorporate the GDPR into their planning
? Conduct an early assessment of quality management gaps, and budget for additional resources needed
? Do an audit of personal data held, to determine the origin, the necessity to hold it, and with whom shared
? Inform internal and external stakeholders of the current status, and your future plans to implement the GDPR
? Examine current procedures in the light of the new directive. Could you ?survive? a challenge from a data subject?
? Determine how you will process requests for access to the data in the future from within and outside your organization
? Assess how you currently obtain customer consent to store their data. Is this “freely given, specific, informed and unambiguous”?
? Find how you handle information from underage people. Do you have systems to verify ages and obtain guardian consent?
? Implement procedures to detect, investigate, and report data breaches to the Data Protection Commissioner within 72 hours
? Implement a culture of always assessing the effect on individual privacy before starting new initiatives

So Is the GDPR Good or Bad for Business
The GDPR should be good news for business customers. Their personal data will be more secure, and they should see their rate of spam marketing come down. The GDPR is also good news for businesses currently investing resources to protect their clients? interests. It could however, be bad news for businesses that have not been focussing on these matters. They may have a high mountain to climb to come in line with the GDPR.
Disclaimer: This article is for information only and not intended as a comprehensive guide.

Contact Us

  • (+353)(0)1-443-3807 (IRL)
  • (+44)(0)20-7193-9751 (UK)
A Definitive List of the Business Benefits of Cloud Computing ? Part 4

Lowers cost of analytics

Big data and business intelligence (BI) have become the bywords in the current global economy. As consumers today browse, buy, communicate, use their gadgets, and interact on social networks, they leave in their trail a whole lot of data that can serve as a goldmine of information organisations can glean from. With such information at the disposal of or easily obtainable by businesses, you can expect that big data solutions will be at the forefront of these organisations’ efforts to create value for the customer and gain advantage over competitors.

Research firm Gartner’s latest survey of CIOs which included 2,300 respondents from 44 countries revealed that the three top priority investments for 2012 to 2015 as rated by the CIOs surveyed are Analytics and Business Intelligence, Mobile Technologies, and Cloud Computing. In addition, Gartner predicts that about $232 million in IT spending until 2016 will be driven by big data. This is a clear indication that the intelligent use of data is going to be a defining factor in most organisations.

Yet while big data offers a lot of growth opportunities for enterprises, there remains a big question on the capability of businesses to leverage on the available data. Do they have the means to deploy the required storage, computing resources, and analytical software needed to capture value from the rapidly increasing torrent of data?

Without the appropriate analytics and BI tools, raw data will remain as it is – a potential source of valuable information but always unutilised. Only when they can take the time, complexity and expense out of processing huge datasets obtained from customers, employees, consumers in general, and sensor-embedded products can businesses hope to fully harness the power of information.

So where does the cloud fit into all these?

Access to analytics and BI solutions have all too often been limited to large corporations, and within these organisations, a few business analysts and key executives. But that could quickly become a thing of the past because the cloud can now provide exactly what big data analytics requires – the ability to draw on large amounts of data and massive computing power – at a fraction of the cost and complexity these resources once entailed.

At their end, cloud service providers already deal with the storage, hardware, software, networking and security requirements needed for BI, with the resources available on an on-demand, pay-as-you-go approach. In doing so, they make analytics and access to relevant information simplified, and therefore more ubiquitous in the long run.

As the amount of data continues to grow exponentially on a daily basis, sophisticated analytics will be a priority IT technology across all industries, with organisations scrambling to find impactful insights from big data. Cloud-based services ensure that both small and large companies can benefit from the significantly reduced costs of BI solutions as well as the quick delivery of information, allowing for precise and insightful analytics as close to real time as possible.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK
eCommerce

 

We bet you’ve often read how getting rich through the Internet can be fast and easy. Time for your 5-second reality check: It’s going to entail lots of hard work, dedication, a great deal of information and the ability to use that information to your advantage. Sounds familiar?

Well, it should be. After all, it’s still business. However, while the basic ingredients to achieving success in business are still the basic prerequisites in eCommerce, there are also a lot of technical aspects that have to be factored in. This is where you’ll need us.

Well, actually, we’re going to help you out on those basic ingredients too. That’s because our dedicated specialists will perform most of the hard work until you gain enough know-how to run things on your own.

If you’re starting from scratch, we’ll help you build on your idea and transform it into an actual web-based business.

Then once you’ve got your site online, we’ll redirect traffic to it, attract the right visitors, convert those visitors into buyers and keep them satisfied so that they’ll come back and even spread the word.

Some of our related services include:

Ready to work with Denizon?

Contact Us Today