With only seven weeks to go, the countdown to becoming GDPR compliant has certainly begun, and with new data breaches hitting the headlines on a weekly basis, data security is more of a hot topic than ever.
You may be thinking you have not heard much from Sterling on the subject of GDPR. This is because it’s already an integral part of the way we work: it was established as a key project for us over a year ago, and the implementation phase of our GDPR project is well underway.
During the next seven weeks we will count down the steps Sterling has taken on our GDPR journey, giving you peace of mind that we are GDPR ready.
Step 1 – Analyse
Not the first step in our journey but possibly the most significant: the external gap analysis.
Sterling continues to be advised by external GDPR experts who have completed a gap analysis of our data acquisition, processing, storage and destruction practices against GDPR guidelines.
Our processes, policies and procedures were assessed, data flow was mapped and information lifecycles were established. Potential weaknesses highlighted by the gap analysis have been recorded on a Risk Register, which is being used as the foundation of our implementation plan.
Sterling’s recent retention of the ISO27001 accreditation set us up for success. As the international best practice for data security, ISO27001 is already recognised by the EU as a reliable framework.
An independent, expert assessment of our information security management systems concluded Sterling has implemented adequate measures to protect our data.
The GDPR encourages the use of certification schemes such as this to demonstrate active management of data security in line with legislation and best practice.
Sterling has scheduled a further external audit to ensure we are GDPR ready.
Look out for a further update next week, where we will be focusing on another step in our GDPR journey: our GDPR task force.