GDPR – the final countdown

The clock is ticking. It’s now just two months until the UK becomes subject to a whole new set of rules related to data protection. And while most schools will be well on the way to getting GDPR ready, those tasked with carrying out the necessary measures will no doubt be feeling the strain.

Two firms leading the way when it comes to GDPR expertise are Speke-based Copyrite Systems and IT equipment specialists Ricoh. We’ve called upon their expertise to put together a final checklist as the countdown begins.

Rethink Access

 Any business or entity holding personal information has a responsibility to make sure it can’t be stolen or leaked. As schools have access to somewhat sensitive information, particularly that which regards minors, it’s essential that it is kept confidential so that its integrity cannot be altered. This means schools will need to restrict access to certain information.

As the team at Ricoh point out, if any of your staff work remotely then this adds further complexity to the issue and additional security measures need to be in place to accommodate file sharing from any location. Those files must be as secure in transit over networks and across devices as they are in storage. Strong encryption technology can effectively follow and protect data throughout its lifecycle.

Don’t slip up on destruction

Being able to dispose of data effectively is as important as being able to hold it securely under GDPR rules. A good data disposal service will include hard disk cleansing, memory flushing, unprinted file deletion and delete on logout functionality to prevent sensitive information from the document footprint being left behind.

Stay accountable

One of the watch words of GDPR is accountability. It will not be possible to blame a data breach on an oversight. Every action you take must be documented and details to stay compliant. Indeed, it’s not enough that you do the right thing, you need to be able to prove you’ve done the right thing and explain how and why. Remember the first rule of arithmetic; it’s not just the answer that matters but the method!

Watch out for the risks

You may think you’re being as comprehensive as possible when it comes to auditing or erasing the data you hold, but there could be areas you’re missing if you’re not careful. Even a decommissioned device (such as a printer that’s no longer used) can contain both digital and physically-stored information.

 Be ready for action

As with anything in life, regardless of how prepared you are for GDPR, things can and, at some point, probably will go wrong. What matters is how you respond. The experts suggest having mechanisms in place to so that breach of data can be identified quickly and acted upon. Transparency will be key so addressing the issue quickly and making it known that steps have been taken to deal with the breach will be important.