GDPR Compliance Journey - 19 Review and Wrap up
Summary
TLDR: In the final part of their GDPR compliance journey, Mike Savile reviews their progress, revealing they are 88% compliant, with most efforts now focused on enhancing security measures like firewalls and user accounts. They emphasize the importance of a culture of compliance, ongoing documentation, and continuous improvement to remain GDPR ready. Savile advises that organizations should embed data protection by design into their operations and maintain vigilance beyond initial compliance. The series concludes with encouragement to adopt these practices for successful compliance.
Takeaways
- 🚀 We are 88% compliant with GDPR and Cyber Essentials.
- 🔍 We have minor tasks remaining to improve our security and achieve full compliance.
- 🛡️ Key areas for improvement include firewalls, user accounts, and device access.
- 📋 Our action list is short, mainly involving firewall rules, anti-malware, access rights, and autorun.
- 📜 We can access the full text of GDPR to review compliance with specific articles like data protection by design and default.
- 👍 We consider ourselves GDPR ready rather than just compliant, staying updated with new guidance.
- 🏢 Embedding a culture of compliance in the organization is crucial.
- 📝 Documenting everything is essential for proving compliance efforts.
- 🔄 Compliance is an ongoing activity; we must continue our efforts even after the bulk of the work is done.
- 💬 Feedback and comments on the series are appreciated, aiming to make compliance simpler.
Q & A
Who is the speaker in the video script?
- The speaker is Mike Savile.
What is the main topic of the video script?
- The main topic is the journey towards achieving compliance with the General Data Protection Regulation (GDPR) and Cyber Essentials.
What percentage of compliance is the speaker's organization at according to the guidelines software?
- The organization is at 88% compliance according to the guidelines software.
What does the speaker suggest is the key to achieving GDPR compliance?
- The speaker suggests that having a culture of compliance embedded in the organization is key to achieving GDPR compliance.
What is the speaker's view on the organization's readiness for GDPR?
- The speaker believes that the organization is not just compliant but ready for GDPR, as they are actively working on continuous compliance.
What areas does the script mention as needing improvement to achieve full compliance?
- The areas needing improvement include firewalls, user accounts and devices, access, and anti-malware.
What is the significance of Article 25 in the context of the script?
- Article 25 of the GDPR focuses on data protection by design and by default, which is a principle the speaker's organization aims to adhere to.
What is the speaker's advice for other organizations on their compliance journey?
- The speaker advises other organizations to establish a culture of compliance, document everything thoroughly, and treat compliance as an ongoing activity.
What does the speaker mean by 'data protection by design and default'?
- It refers to the GDPR principle that requires organizations to consider data protection from the outset of designing systems, rather than as an add-on.
What is the final message the speaker conveys to the audience?
- The final message is that compliance is an ongoing process and organizations should strive to be 'GDPR ready' rather than just 'GDPR compliant'.
How does the speaker describe the current state of their action list?
- The speaker describes the action list as very short, indicating that there are only a few minor tasks left to complete for full compliance.
Outlines
📊 Compliance Progress and Final Steps
In the final part of the GDPR compliance journey, Mike Savile reviews the company's progress towards compliance with Cyber Essentials and GDPR. The dashboard shows an 88% compliance rate, with minor tasks remaining, mainly focused on enhancing security measures. Key areas needing improvement include firewalls, user accounts, and access control. The action list is short, with tasks such as quick disabling or removal of firewall rules and anti-malware measures for Apple devices. The script emphasizes the importance of being 'GDPR ready' rather than just compliant, acknowledging the evolving nature of data protection regulations. It stresses the need for an ongoing commitment to compliance and the establishment of a culture that prioritizes data protection by design and default.
🔒 Final Thoughts on Compliance
The second paragraph briefly wraps up the series on compliance, suggesting that the process should be straightforward and simple. Although the content is minimal, it implies a conclusion to the discussion, possibly hinting at the ease of achieving compliance if the right steps and culture are in place, as previously discussed.
Keywords
💡GDPR
💡Compliance
💡Cyber Essentials
💡Data Protection by Design and Default
💡Action List
💡Firewalls
💡Anti-Malware
💡Access Rights
💡Autorun
💡Culture of Compliance
💡Documentation
Highlights
Introduction to the final part of the GDPR compliance journey.
Current compliance status at 88% according to Cyber Essentials and GDPR.
Review of the guideline dashboard to assess compliance areas.
Discussion on the majority of areas being compliant with GDPR.
Identification of minor tasks needed for full compliance.
Emphasis on improving security and completing tasks against Cyber Essentials.
Red indicators pointing to work needed on firewalls, user accounts, and access.
Explanation of the basics already in place and the need for further improvement.
Short action list for achieving 100% compliance.
Specific tasks mentioned such as quick disabling of firewall rules and anti-malware work.
Challenges with anti-malware due to the use of Apple devices.
Importance of access rights and autorun in the compliance process.
Review of the sources of guidelines and GDPR's Article 25 on data protection by design.
Achievement of compliance and the distinction between being GDPR ready versus compliant.
Cultural importance of compliance and embedding it within the organization.
The necessity of documentation for evidence and records of compliance.
GDPR as an ongoing activity that requires continuous effort beyond initial compliance.
Final thoughts on the importance of a culture of compliance, documentation, and ongoing activity.
Closing remarks and appreciation for feedback on the compliance series.
Transcripts
Hi, I'm Mike Savile and welcome back to the final part in our GDPR compliance journey. So I guess the big question is: did we make it? Well, let's go straight to the Guideline software and have a look at where we are. So here we are at the hopefully now familiar Guideline dashboard, and immediately you'll see that we are 88% compliant according to the absolute regulation of Cyber Essentials and GDPR, and really, if we drill down into the GDPR, you can hopefully see that across the majority of the areas we've done everything we need to do. So a couple of minor tasks, and most of our effort really is improving our security and making sure we've absolutely done everything we need to do against Cyber Essentials. Now we have some red indicators that show that we've got work to do on firewalls, user accounts and devices, and access, but really we've got the basics in there; this is about improving and going the extra mile to do more in these areas to make sure that we are as good as we can be. And if we look at our actions, our action list is very, very short: we need to do some stuff around quick disabling or removal of firewall rules; we need to do some work on anti-malware, which is a little tricky because we mostly use Apple devices, so we've got some work to do there; some stuff on access rights and autorun; but really not a lot of activity for us to do to get to 100%. And if we just dig into sources of guideline we can have a look at the GDPR, and if we have a discussion with anybody now or in the future we can have a look at the full text of the GDPR and look at the section, Article 25, on data protection by design and default, and we can go into that and we can see specifically the little arrow says we at Guideline are compliant. So that's the final position on where we have achieved; we're quite pleased that we've got most of the way there, and with just a couple of small activities we should be where we need to be.

So as you can see we are inching closer to where we need to be, but I think more importantly we like to think of ourselves as being GDPR ready rather than GDPR compliant. We work in this space every day, so we know that it is changing; there's new guidance being issued and that will continue past the 25th of May. So an organisation that thinks "we're GDPR compliant, we don't need to do anything else", I'd be very worried for that organisation into the future. So we're pleased to be GDPR ready. We are fortunate that we have the right culture in place; we do compliance every day, so all of our people are thinking about it.

And in terms of tips for anybody else out there watching on your journeys, really that is the top tip: make sure that you have a culture of compliance embedded in your organisation, make sure everybody is taking this seriously and doing the right thing. Really get that thinking at the start, because the GDPR is about putting data protection at the heart of an organisation; data protection by design and default is one of the key principles, so if you have that culture you'll be on the right track. The second thing I'd say is to document, document, document: make sure you have evidence, make sure you have records, make sure you can prove the things that you've done as part of GDPR. And the third thing I would say is it's an ongoing activity: don't stop just because you've done the bulk of the work; you need to keep going, complete the long tail of activity. So get the right culture, document everything and keep going.

And that really is it for this series. We really do hope you found it useful; any comments or feedback will be really appreciated, and so until we tackle our next compliance, we hope you find your compliance simple.