First of all, we recommend that you start working towards compliance with the new regulations as soon as possible. With May 25th 2018 approaching, postponing the transition may leave your company little room for finding optimal solutions and workflows, which can turn out to be more demanding than first expected.
As we mentioned in our previous article, the price of not complying is high, and the sooner you get on the right side of the regulation, well - the better!
To begin the transition to GDPR compliance, start by getting an overview of all the personal data your business gathers and controls. All businesses in control of personal data are already legally required to know the source and fate of this data, so this is a good place to start.
Ensure that you are compliant with the current legislation, as the transition towards the new legislation will go more smoothly if you follow the current national and EU standards. This requires you to manage who has control of the personal data and how the data is used, accessed and processed.
Furthermore, you must establish internal controls in order to detect security breaches and set the security at an adequate level. Your security initiatives must be documented and you must report any anomalies to the relevant government agency. With the new requirements, reporting must be done within 72 hours after security breaches.
Maintain your commitment by establishing well-defined routines for following the new rules, and ask yourself whether your systems meet the minimum requirements of the new GDPR regulations, e.g. are you capable of responding adequately to all inquiries from customers within a month?
Finally, by regularly evaluating and reviewing your system and your data, you can stay updated and compliant with GDPR.
Where are you on the journey to GDPR readiness?
You may find Microsoft's GDPR Assessment toolbox useful; check it out here.
How can we help you?
The team at Ironstone is highly competent and knowledgeable about the new requirements of GDPR and what the new legislation means for businesses with personal data stored in cloud solutions. At Ironstone, we are committed to delivering technology and cloud products that are made to be compliant with GDPR.
As a Microsoft Gold partner, we at Ironstone are thrilled to see the proactive steps towards GDPR compliance taken by Microsoft, which is well known for its extensive security measures. Microsoft was the first cloud service provider to implement the stringent requirements of ISO 27018.
You can find more information about ISO 27018 in our Security Checklist.
Microsoft has repeatedly shown itself to be a pioneer in cloud security with tools like Intune and AIP (among many), and the latest transition towards GDPR compliance is just one of many security initiatives embraced by the company.
Microsoft ensures that its products will be GDPR compliant by May 2018, when GDPR becomes effective, and has already provided tools like AIP and Cloud App Security. This means that by using Microsoft cloud services, you are guaranteed that your technology meets the requirements of the GDPR.
At Ironstone, we offer the latest and greatest of Microsoft products, which meet technological demands in areas such as access to personal data, the transfer of personal data, objection to processing of personal data, and deletion and correction of personal data. Compliance with the GDPR is a shared responsibility between your organization and the cloud service provider.
We at Ironstone can help you with the latest technology, guidance on how to become ready and how you can secure your customers' data in the best possible way.