{"id":4505,"date":"2018-02-27T15:48:32","date_gmt":"2018-02-27T15:48:32","guid":{"rendered":"https:\/\/cybersmart.com\/?p=4505"},"modified":"2021-10-06T12:08:08","modified_gmt":"2021-10-06T12:08:08","slug":"four-steps-towards-gdpr","status":"publish","type":"post","link":"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/","title":{"rendered":"Four steps towards GDPR"},"content":{"rendered":"<p class=\"p1\"><span class=\"s1\">The ICO (Information Commissioner\u2019s Office) has produced a checklist, highlighting the main steps organisations can take immediately to prepare for the GDPR, which will apply from 25th May 2018. <\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">It is important to use this checklist and other ICO resources to identify the main differences between the current Data Protection Act (DPA) and the GDPR.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Below are three steps taken from the list which are worth knowing about!<\/span><!--more--><\/p>\n<p class=\"p1\"><span class=\"s1\">1).<b>Awareness<\/b><\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">You should make sure that decision makers within your organisation are aware that the law is changing to the GDPR. They must understand the impact it is likely to have and identify areas that could cause compliance problems under the GDPR. Start off by looking at your company\u2019s risk register (if you have one).<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Compliance will be more difficult if you leave your preparations until the last minute. This is especially the case for larger, more complex organisations with lots of resources.<\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">2). <b>Communicating privacy information<\/b><\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">People are advised to review their current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation. <\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">As things stand currently, when you collect personal data you must give people certain information, such as your identity and how you intend to use their information. This is traditionally done through a privacy notice. However, under the GDPR, there will be more things you will have to tell people. For instance, you will have to explain your lawful basis for processing the data, your data retention periods and that individuals have a right to complain to the ICO if they think there is an issue with the way you are handling their data. <\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">3). <b>Lawful basis for processing personal data<\/b><\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it. <\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Most organisations won\u2019t have even considered their lawful basis for processing personal data. But, under the GDPR, individual\u2019s rights will be modified depending on your lawful basis for processing their personal data. People will have a stronger right to have their data deleted where you use consent as your lawful basis for processing. <\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">You will also have to explain your lawful basis for processing personal data in your privacy notice and when you answer a subject access request. The lawful bases in the GDPR are broadly the same as in the DPA.<span class=\"Apple-converted-space\">\u00a0 <\/span>It should be possible to review the types of processing activities you carry out and to identify your lawful basis for doing so. It is also strongly advised that you document your lawful bases in order to help you comply with the GDPR\u2019s \u2018accountability\u2019 requirements. <\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">4). <b>Get in line with Cyber Essentials<\/b><\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">There is no single product that will provide a complete guarantee of security for your business. Instead, organisations are advised to follow the approach of using a set of security controls that complement each other but will require ongoing support in order to maintain an appropriate level of security. <\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">Cyber Essentials, the UK government &#8211; backed scheme, was designed to help organisations protect themselves against common online threats. Cyber Essentials is suitable for all organisations, of any size, in any sector. <\/span><\/p>\n<p class=\"p1\"><span class=\"s1\">https:\/\/ico.org.uk\/media\/1624219\/preparing-for-the-gdpr-12-steps.pdf<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The ICO (Information Commissioner\u2019s Office) has produced a checklist, highlighting the main steps organisations can take immediately to prepare for the GDPR, which will apply from 25th May 2018. It&#8230;<\/p>\n","protected":false},"author":4,"featured_media":4448,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[4,11],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Four steps towards GDPR - CyberSmart<\/title>\n<meta name=\"description\" content=\"The ICO has produced a checklist, highlighting the main steps organisations can take immediately to prepare for the GDPR, which will apply from 25th May 2018\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Four steps towards GDPR - CyberSmart\" \/>\n<meta property=\"og:description\" content=\"The ICO has produced a checklist, highlighting the main steps organisations can take immediately to prepare for the GDPR, which will apply from 25th May 2018\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/\" \/>\n<meta property=\"og:site_name\" content=\"CyberSmart\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/CyberSmartUK\/?ref=br_rs\" \/>\n<meta property=\"article:published_time\" content=\"2018-02-27T15:48:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-10-06T12:08:08+00:00\" \/>\n<meta name=\"author\" content=\"Franklin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberSmartUK\" \/>\n<meta name=\"twitter:site\" content=\"@CyberSmartUK\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Franklin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/\"},\"author\":{\"name\":\"Franklin\",\"@id\":\"https:\/\/cybersmartcom.wpengine.com\/#\/schema\/person\/68ee13ff2d8e9852b17cdf67b4770f13\"},\"headline\":\"Four steps towards GDPR\",\"datePublished\":\"2018-02-27T15:48:32+00:00\",\"dateModified\":\"2021-10-06T12:08:08+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/\"},\"wordCount\":542,\"publisher\":{\"@id\":\"https:\/\/cybersmartcom.wpengine.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/#primaryimage\"},\"thumbnailUrl\":\"\",\"articleSection\":[\"Blog\",\"Cyber Security 101\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/\",\"url\":\"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/\",\"name\":\"Four steps towards GDPR - CyberSmart\",\"isPartOf\":{\"@id\":\"https:\/\/cybersmartcom.wpengine.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/#primaryimage\"},\"thumbnailUrl\":\"\",\"datePublished\":\"2018-02-27T15:48:32+00:00\",\"dateModified\":\"2021-10-06T12:08:08+00:00\",\"description\":\"The ICO has produced a checklist, highlighting the main steps organisations can take immediately to prepare for the GDPR, which will apply from 25th May 2018\",\"breadcrumb\":{\"@id\":\"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/#primaryimage\",\"url\":\"\",\"contentUrl\":\"\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/cybersmart.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Four steps towards GDPR\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/cybersmartcom.wpengine.com\/#website\",\"url\":\"https:\/\/cybersmartcom.wpengine.com\/\",\"name\":\"CyberSmart\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/cybersmartcom.wpengine.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/cybersmartcom.wpengine.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/cybersmartcom.wpengine.com\/#organization\",\"name\":\"CyberSmart\",\"url\":\"https:\/\/cybersmartcom.wpengine.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cybersmartcom.wpengine.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/cybersmart.com\/wp-content\/uploads\/2020\/09\/cybersmart-aboutus-mobile.png\",\"contentUrl\":\"https:\/\/cybersmart.com\/wp-content\/uploads\/2020\/09\/cybersmart-aboutus-mobile.png\",\"width\":990,\"height\":1006,\"caption\":\"CyberSmart\"},\"image\":{\"@id\":\"https:\/\/cybersmartcom.wpengine.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/CyberSmartUK\/?ref=br_rs\",\"https:\/\/twitter.com\/CyberSmartUK\",\"https:\/\/www.instagram.com\/cybersmart.uk\/\",\"https:\/\/www.linkedin.com\/company\/be-cybersmart\",\"https:\/\/www.youtube.com\/channel\/UC620w4R_UG_P4ncd_9azlHg\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/cybersmartcom.wpengine.com\/#\/schema\/person\/68ee13ff2d8e9852b17cdf67b4770f13\",\"name\":\"Franklin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cybersmartcom.wpengine.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4ff3b610ad92b2d5a0d39f3a3b5a61db?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4ff3b610ad92b2d5a0d39f3a3b5a61db?s=96&d=mm&r=g\",\"caption\":\"Franklin\"},\"url\":\"https:\/\/cybersmart.com\/author\/franklin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Four steps towards GDPR - CyberSmart","description":"The ICO has produced a checklist, highlighting the main steps organisations can take immediately to prepare for the GDPR, which will apply from 25th May 2018","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/","og_locale":"en_US","og_type":"article","og_title":"Four steps towards GDPR - CyberSmart","og_description":"The ICO has produced a checklist, highlighting the main steps organisations can take immediately to prepare for the GDPR, which will apply from 25th May 2018","og_url":"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/","og_site_name":"CyberSmart","article_publisher":"https:\/\/www.facebook.com\/CyberSmartUK\/?ref=br_rs","article_published_time":"2018-02-27T15:48:32+00:00","article_modified_time":"2021-10-06T12:08:08+00:00","author":"Franklin","twitter_card":"summary_large_image","twitter_creator":"@CyberSmartUK","twitter_site":"@CyberSmartUK","twitter_misc":{"Written by":"Franklin","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/#article","isPartOf":{"@id":"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/"},"author":{"name":"Franklin","@id":"https:\/\/cybersmartcom.wpengine.com\/#\/schema\/person\/68ee13ff2d8e9852b17cdf67b4770f13"},"headline":"Four steps towards GDPR","datePublished":"2018-02-27T15:48:32+00:00","dateModified":"2021-10-06T12:08:08+00:00","mainEntityOfPage":{"@id":"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/"},"wordCount":542,"publisher":{"@id":"https:\/\/cybersmartcom.wpengine.com\/#organization"},"image":{"@id":"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/#primaryimage"},"thumbnailUrl":"","articleSection":["Blog","Cyber Security 101"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/","url":"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/","name":"Four steps towards GDPR - CyberSmart","isPartOf":{"@id":"https:\/\/cybersmartcom.wpengine.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/#primaryimage"},"image":{"@id":"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/#primaryimage"},"thumbnailUrl":"","datePublished":"2018-02-27T15:48:32+00:00","dateModified":"2021-10-06T12:08:08+00:00","description":"The ICO has produced a checklist, highlighting the main steps organisations can take immediately to prepare for the GDPR, which will apply from 25th May 2018","breadcrumb":{"@id":"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/#primaryimage","url":"","contentUrl":""},{"@type":"BreadcrumbList","@id":"https:\/\/cybersmart.com\/blog\/four-steps-towards-gdpr\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cybersmart.com\/"},{"@type":"ListItem","position":2,"name":"Four steps towards GDPR"}]},{"@type":"WebSite","@id":"https:\/\/cybersmartcom.wpengine.com\/#website","url":"https:\/\/cybersmartcom.wpengine.com\/","name":"CyberSmart","description":"","publisher":{"@id":"https:\/\/cybersmartcom.wpengine.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cybersmartcom.wpengine.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cybersmartcom.wpengine.com\/#organization","name":"CyberSmart","url":"https:\/\/cybersmartcom.wpengine.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersmartcom.wpengine.com\/#\/schema\/logo\/image\/","url":"https:\/\/cybersmart.com\/wp-content\/uploads\/2020\/09\/cybersmart-aboutus-mobile.png","contentUrl":"https:\/\/cybersmart.com\/wp-content\/uploads\/2020\/09\/cybersmart-aboutus-mobile.png","width":990,"height":1006,"caption":"CyberSmart"},"image":{"@id":"https:\/\/cybersmartcom.wpengine.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/CyberSmartUK\/?ref=br_rs","https:\/\/twitter.com\/CyberSmartUK","https:\/\/www.instagram.com\/cybersmart.uk\/","https:\/\/www.linkedin.com\/company\/be-cybersmart","https:\/\/www.youtube.com\/channel\/UC620w4R_UG_P4ncd_9azlHg"]},{"@type":"Person","@id":"https:\/\/cybersmartcom.wpengine.com\/#\/schema\/person\/68ee13ff2d8e9852b17cdf67b4770f13","name":"Franklin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersmartcom.wpengine.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4ff3b610ad92b2d5a0d39f3a3b5a61db?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4ff3b610ad92b2d5a0d39f3a3b5a61db?s=96&d=mm&r=g","caption":"Franklin"},"url":"https:\/\/cybersmart.com\/author\/franklin\/"}]}},"_links":{"self":[{"href":"https:\/\/cybersmart.com\/wp-json\/wp\/v2\/posts\/4505"}],"collection":[{"href":"https:\/\/cybersmart.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersmart.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersmart.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersmart.com\/wp-json\/wp\/v2\/comments?post=4505"}],"version-history":[{"count":0,"href":"https:\/\/cybersmart.com\/wp-json\/wp\/v2\/posts\/4505\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersmart.com\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/cybersmart.com\/wp-json\/wp\/v2\/media?parent=4505"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersmart.com\/wp-json\/wp\/v2\/categories?post=4505"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersmart.com\/wp-json\/wp\/v2\/tags?post=4505"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}