Helping you keep up to speed with new terminology associated with GDPR.
Every EU state will have a governing body to enforce GDPR law. Remember – for the purposes of GDPR, the UK is included within the EU.
The ICO is the governing body for the UK – this is who will come looking for the Data Protection Officer in your company in the event of a data breach.
Under GDPR law, every company must have a Data Protection Officer to be responsible for the company’s data. The designated person should be part of senior management and is responsible for justifying that the company’s IT security system is ‘state of the art’. The Data Protection Officer is also responsible for Data Governance. The Data Protection Officer must define and document the company’s efforts to prevent a data breach and must be prepared to justify those efforts if a data breach does happen.
When it comes to GDPR, the ICO realise that not every company can afford the biggest and best products on their network. They do, however, expect that a company’s network has functioning protective products that are suitable for the data stored and that are continuously patched and upgraded – state of the art.
Data Governance is a term that you will hear in conjunction with GDPR. Data Governance is the continuous process of:
1. Knowing what data the company stores
2. Knowing where the company’s data is stored (companies must be careful when using online, cloud-based storage facilities such as Dropbox and Salesforce)
3. Removing data the company does not need