Page 35 - Linkline Yearbook 2018

So, with the possibility of serious sanctions for non-compliance, how should organisations be preparing? First and foremost, Conor believes organisations should contact their corporate risk register because this is a risk to the business if you don’t. “One of the most effective ways to get senior management to commit human or financial resources to anything is to get on a risk register and put an appropriate risk to the business on it. We’ve talked about what the sanctions are; you can be fined, you could have people taking you to court, you could be named and shamed in the data protection commissioner's annual report but one of the other sanctions they have is they can actually stop you processing, if they feel you have had a breach or you have acted in a negligent or inappropriate way. They can come in and make you switch off your systems, so you can imagine the impact on a business if they had to stop processing, people need to get this up on their risk register.”
“This is not about bureaucrats or consultancy companies selling time or IT security firms selling product; it is about the European Union taking a stance with how Governments, organisations, law enforcement and various bodies use people’s information.”
What is a Corporate Risk Register?
The Corporate Risk Register is designed to record the evaluation of corporate risks to the Board or management, and to inform those responsible for managing those risks about actions taken and planned to mitigate them. This in turn helps to ensure that all significant risks have been suitably identified, assessed and managed.
Conor also believes organisations should be undertaking a readiness assessment or audit to identify the size of the problem and to understand the impact of applying the principles and rights of GDPR to the data, adding, “There is quite a bit of work to be done but the worst decision management can make is to do nothing.”
Aside from inaction, Conor is worried that many organisations may be viewing GDPR as a project and it is not; it is a process. “This is a permanent part of your world for the future and it can’t be something that you throw lots of capital resources at to buy equipment and software, and your GDPR is done. GDPR is about privacy. It is about the entitlement of the data subject. It’s not about security, encryption or buying the latest piece of software.”
He is also keen to stress that it might be that you make no software adjustments and become compliant. “What a lot of people are missing in this whole debate is GDPR also covers paper records, not just electronic. You can’t apply encryption to paper so you must have your processes in place; how you engage with the citizen, how you gather your data, how you get rid of it, how you control access to it and so on. These are privacy issues, the technology controls will come out of how you will manage that. It is not a technology project first and I think that is getting lost in some of the discussion.”
GDPR will no doubt instigate huge changes across Europe and Conor firmly believes GDPR is a good thing. Simply put, he says, “it is giving the citizen back control of their data and I think this is vitally important. This is not about bureaucrats or consultancy companies selling time or IT security firms selling product; it is about the European Union taking a stance with how Governments, organisations, law enforcement and various bodies use people’s information. It’s about putting a little bit of manners on organisations who will have access to, or require large amounts of data, to make sure what they are doing is done in an appropriate way and not excessive.”
GDPR is changing how businesses and public sector organisations can handle the information of customers and citizens. It is a permanent part of our world for the future and it cannot be ignored; the potential consequences of GDPR non-compliance are simply too high.
The Chartered Institute of Logistics & Transport