When we were looking at building an offering around GDPR for UK small businesses, we had a few objectives we wanted the solution to meet: it needed to be simple enough for anyone with a good understanding of their business to be able to use; it needed to be a journey - something that follows the natural flow of how GDPR compliance will be achieved; and then there were the usual goals of affordability, usability and our high standards of quality. This wasn't an easy task, but what we eventually produced - EnableGDPR - is something we are very proud of. In this post, we explain a bit about the method behind it all.
Underpinning EnableGDPR is a 3 step process. These steps reflect how you would go about the GDPR journey: first understanding the regulation, then identifying where you have gaps in your process for full compliance, and then working on plugging those holes, thus helping companies ‘piece’ together the parts of the GDPR jigsaw.
3 Step Process
Let's now look at this 3 step process in detail.
First, you build GDPR awareness across your organisation. This is very important, as every employee who handles personal data needs to clearly understand the enormous responsibilities that come with it. In EnableGDPR, we help companies initiate by taking a set of e-learning modules. This will give your employees an understanding of the key concepts, as well as the basic operational and technical measures required for GDPR.
Next (in some cases in parallel with the Initiate step), you need to understand what you as an organisation lack in terms of GDPR compliance. Data protection laws in some form or other have been in place for over 20 years. Yes, they weren't as strict as they are under GDPR, but it is very likely you are already doing a lot that is also required by GDPR. Identifying the required changes needed for your organisation is done in EnableGDPR by answering questions across a number of GDPR assessment modules. All you need is a good grip on your business and its various activities to complete the assessment. Upon completion, EnableGDPR will produce a report detailing the gaps and corresponding remedial actions needed for your business. With this you move to the next step in the process.
Depending on the nature of personal data use within your company, this could be a reasonably simple or a very complex, time-consuming step. With EnableGDPR, you would implement the required changes by creating things like privacy notices, information audits, subject access request forms, etc., through the various document templates, checklists, and guidelines provided. These templates help reduce the effort you need to put in.
Different versions of EnableGDPR
As mentioned above, the complexity of performing the above steps varies a lot depending on the company. EnableGDPR cannot meet every need of every company, so we address it in two ways:
1) We focus only on small businesses, thus making sure we keep it focussed. However, not all small businesses are the same either. Let's remember that WhatsApp, which was bought by Facebook for $19 billion, would have been classed as a small business by the number of employees it had! So how do we handle that? This is where our second point comes in :)
2) We have created two flavours of EnableGDPR:
Essential - is for small businesses who use personal data as a side effect of 'doing business', i.e., to look after their employees, customers and suppliers. For them we have already done the assessment, based on the mentioned criteria, so what you get instead is just step 1 and a simplified step 3.
Comprehensive - is for small businesses where personal data and its handling are more critical to their business. For them we simply can't make the assumptions in step 2, and so they have the full package at their disposal.
This topic deserves its own blog and we will update you when that is published.