01732 759725
46
VOX POP
...continued
accreditation was a significant project
requiring substantial resources
and investment in more advanced
infrastructure. In many cases, there is also
a business benefit and increased efficiency
and functionality, as well as improved
security and compliance.”
Melissa Odawa:
“The GDPR is one of
the most comprehensive law changes
affecting businesses that the EU has seen.
Kyocera has taken all necessary steps and
will continue to take all necessary steps to
implement these changes throughout its
subsidiaries before the GDPR takes effect
on May 25, 2018.”
Graham Herrington:
“GDPR will
impact the resources of all organisations,
irrespective of size. Workload is similar
in any sized organisation, as available
resources seem to mirror size. For example,
a larger organisation is more likely to
have identifiable stakeholders in place
to manage it as a project within a team.
Whereas a smaller SME team member is
likely to wear multiple hats and have a
wider remit across departments, which in
some ways makes it more complicated.”
Colin Griffin:
“We have appointed a
dedicated compliance manager, Stephen
Nolan. Stephen has completed the EU
GDPR Foundation course and has expert
knowledge in data protection laws. He
will be responsible for overseeing GDPR
on behalf of Blackbox and will also offer
compliance guidance to our clients and
other businesses concerned about the
impact of GDPR.”
Matt Goodall:
“We have grasped the
procedure early and are doing all we can to
ensure we are compliant for the May 2018
date. We will certainly consider working
with an external DPA to ensure we achieve
all required standards. Only certain types
of organisation, such as Public Authorities
or those processing special categories of
data etc., need to appoint a DPO, although
any organisation can appoint a DPO if they
choose to do so.”
Mark Smyth:
“Currently, data protection
is managed by our ICT team, with high
level, board sponsorship. However, we are
considering the ongoing management
and responsibilities. Many organisations
are separating Data Protection and
Compliance and I believe that’s going to be
the norm in larger organisations, though
it may depend on their market sector and
just how much data they process and
control.”
Melissa Odawa:
“As part of the project,
Kyocera is building up a network of data
protection professionals with knowledge
of GDPR. Decisions on instalment of a
group DPO, local DPOs, whether internal or
external, will be part of the project.”
Graham Herrington:
“I would seriously
question those experts… GDPR is the
responsibility of ALL employees. You need
a team of people who manage GDPR
responsibility. Ideally, it sits on a board
agenda as an item and is reviewed on an
ongoing basis – think of GDPR as health
and safety for data.
“It is true, however, that some
organisations will need a dedicated Data
Protection Officer (DPO) and there are clear
guidelines as to who those are.”
PITR:
What steps have you taken/
will you be taking to train staff
to ensure compliance is built into
day-to-day processes?
Colin Griffin:
“Communication is
imperative when introducing any new
process in an organisation. At Blackbox
we have been discussing systems
with everyone who will be affected by
the changes, and Stephen has been
delivering regular training sessions to
ensure our staff are up to speed before
the May 2018 deadline.”
Matt Goodall:
“At present, we are
still constructing our procedures and
protocols. However, any staff members
that handle data covered under GDPR
will be advised of any new steps that
are required. We have always taken
data protection seriously within the
organisation and GDPR will further
enhance our control and processing of
data covered under the regulation.”
Mark Smyth:
“We have been talking
GDPR at every internal meeting to
create and generate awareness – it’s
about getting your team to understand
where the risks are.”
Melissa Odawa:
“Staff training
will be part of the GDPR project at
Kyocera.”
Graham Herrington:
“Education
will make the difference here. We’re
encouraging everyone to ensure that
staff are educated in, and understand,
the new legislation so that they can
take responsibility for the role they can
play – however big or small.”
GDPR will
impact the
resources
of all
organisations,
irrespective
of size.
Workload
is similar in
any sized
organisation,
as available
resources
seem to
mirror size
Matt Goodall,
Service Director,
Office Evolution
PITR:
Experts advise making sure that someone in the organisation, or
an external data protection advisor, takes proper responsibility for data
protection compliance. Some organisations will also be required to
appoint a Data Protection Officer. How are you managing this in your
business?
Colin Griffin,
Managing Director,
Blackbox Solutions
