Old 04-04-2018, 15:24   #1
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,047
Thanks: 407
Thanked 1,509 Times in 475 Posts
GDPR

I know this was mentioned in another thread, but was just interested in how people are handling this.
Apparently we (we're a small manufacturing company) need Data Sharing Agreements with 'data processors' as we back up our company data online (BackBlaze) and our HR data (oh bugger) on a third-party company. Our website (again, handled by a third party) requires sign up to download technical documents, so again, we have to ensure this third party is GDPR compliant, etc.

We've had some initial consultancy, but they want to charge £5k for 5 days 'hand holding' to ensure we've the right documents and come up with a plan. 'Them upstairs' need a couple more quotes to confirm this original quote, but we've got back quotes for £9k and £11k.

Rather than stabbing apples in a barrel, I thought I'd ask here to find out where people are going for their GDPR knowledge and compliance....

Edit: Just to confirm: This is about company GDPR compliance rather than solely for websites, etc.

Last edited by Chris Locke; 04-04-2018 at 15:27.
Old 04-04-2018, 17:59   #2
Anthony.S
XBL - AnthonyS UK
 
Join Date: Jul 2000
Location: Alton, Hants
Posts: 3,475
Thanks: 9
Thanked 184 Times in 176 Posts
It really isn’t rocket science. If your providers have ISO27001 and ISAE3402 compliance you are pretty much covered. A few clauses added to the contract to ensure the provider will comply with GDPR and not sub-contract without your approval etc. and you’re there.
Any EU company also has to comply with GDPR so you are really looking at ensuring you are managing them sufficiently and covering any reputational risk.
Old 04-04-2018, 19:35   #3
Chris Locke
That's handy info. Thanks.
Old 05-04-2018, 12:16   #4
ColinD
________________________
 
Join Date: Jul 2000
Location: Middlewich, Cheshire
Posts: 990
Thanks: 215
Thanked 62 Times in 30 Posts
We went through it with paid consultancy, included internally lots of stakeholders.

That way they don't think I.T. has gone nuts and is being OTT.

The 2 questions that really matter

What is consent?
What is a breach?

We spend 3 days in a room going over it.
__________________
If you really wanted to screw me up. You should have got to me earlier.
Old 05-04-2018, 13:02   #5
Anthony.S
This overview is useful for quick reference https://www.sandtro.no/2018/02/28/ov...sions-in-gdpr/

Regarding consent, first look at anything that you are legally or required to process due to a regulatory requirement e.g. FCA as that is already covered.
Look at 'Legitimate interest' carefully as it is a minefield and a lot of companies are looking at it as an easy opt-in clause but you may be required to prove this if challenged.

It is also worth reading this article regarding a 'subject access request' - https://www.linkedin.com/pulse/night...r-karbaliotis/
All times are GMT.