PRINT IT RESELLER.UK

VOX POP
          
        
        
PITR: One of the requirements of the new legislation is to put procedures in place to detect, report and investigate a personal data breach. How are you managing this?
          
        
        
          
Colin Griffin: “We have developed a set of clear internal policies and lines of responsibility. Robust breach detection, investigation and reporting procedures are already in place, which are all in line with ISO: 27001 standards and managed by Stephen. GDPR is not simply a ‘tick-box’ exercise – organisations need to proactively monitor compliance and be alert to data breaches.”
        
        
          
Matt Goodall: “The guidelines suggest that the easiest way to limit the potential for data breaches is to review, control and limit access to the data in the first place. As the fines for a breach are significant and can be 2% of your annual turnover, it is essential that you have your systems up to date and everyone is aware of how to use them. We are also reviewing how we store data relating to customers; the traceability of actions with such documents; and access to those systems.

“My advice would be: ‘Don’t leave it too late, there is lots to comply with’.”
        
        
          
Mark Smyth: “We are currently working through a check-list and process for identifying each business area and data, categorising the data, creating an audit and reporting process, and evaluating and prioritising the risks.

“This will be introduced as a measurements and management process within our organisation come May 2018. We see this as a constantly evolving and continuous process and infrastructure improvement.”
        
        
          
Melissa Odawa: “Some countries, like the Netherlands, already have legislation in place for reporting data breaches. Therefore, Kyocera already has a process for this. Managing data incidents is in scope of the Kyocera GDPR project.”
        
        
          
Graham Herrington: “It ultimately means preparing for a breach, then working back from that point to ensure all ground is covered. For example, one company has prepared a mail merge document that can be initiated if a major breach is detected, ensuring the client receives notification within 30 minutes of it being detected.

“As part of the documentation process, it’s vital to include a clear breach procedure that is monitored, checked and maintained. All data flows are tested against this and form part of the overall GDPR project folder.”
        
        
        
        
        
        
        
          
          
        
        
Graham Herrington, Managing Director, Managed Print Partners