GDPR Compliance Implementation

This site uses cookies and similar technologies.

If you do not change browser settings, you agree to it. Learn more

I understand
You are here: GDPR Compliance Implementation

GDPR Compliance Implementation

Rate this item
(1 Vote)

GDPR Compliance Implementation

Many businesses are concerned about the impending new GDPR legislation and the vast majority of them, simply don’t know what they have to do, to become compliant. There are so many scare stories regarding the fines that are going to be levied, that it is leading to companies spending money unnecessarily on software solutions and consultants that will not allow them to achieve short or long term compliance.

Remember the Year 2000 crisis, when the whole world was going to come to a stop? GDPR is much the same. There is no quick fix because once compliance is achieved, it has to become a continuing and demonstrable process. GDPR should be seen as an opportunity to take stock of a business, look at security and business processes and ensure that a business benefits from any changes that have to be made. Rash spending on ‘supposed software solutions’ should be avoided.

There are probably three main areas that require consideration, in relation to compliance with GDPR; Legal Compliance, Business Process and Information Technology. The RedDrum GDPR team are perhaps uniquely qualified to assist in all three areas. Led by the MD, Paul Hilder, a Certified EU GDPR Practitioner, they understand the world of the SME. It is one that they work in every day of the week and have done so, for many years.

Legal Compliance
Paul recently completed the EU GDPR Certification process, to endorse the more substantive skills, that he has in this area. Over the past ten years, in his role at RedDrum, Paul has provided consultancy and compliance advice regarding data and other legislation, to numerous clients. Many of those have been in the ‘Legal Industry’ which is heavily regulated. Paul has written data compliance policies for clients which have enabled them to achieve Lexcel qualification as well as being able to satisfy Law Society requirements. Further, those data policies have enabled certain clients to escape financial penalties, where data breaches have occurred, that have been reported to the ICO.

Paul, a published author in Business Law, is familiar with both the Criminal and Civil law, having been a Police Officer, a University Law Lecturer and a Company Director.

Business process
This area is key to GDPR compliance and is of particular interest to the RedDrum team. GDPR stipulates that Privacy must be built in to the design of business processes. Most of RedDrum’s clients utilise a RedDrum Intranet, to manage one or more key aspects of their particular businesses. The Intranets specialise in delivering secure, ‘lean’ business processes, whether it be for collecting data from a construction site or recording new clients, for a firm of solicitors.

The RedDrum GDPR Intranet is the perfect tool to both implement and ensure ongoing compliance, with the new legislation. Modules within the GDPR Intranet include:

Staff training (GDPR Principle 7)
Breach reporting (GDPR Articles 33 and 34)
Record keeping (GDPR Article 30)
Subject access requests (GDPR Article 15)
Security and auditing (GDPR Article 30)
Data subject access (GDPR Articles 15, 16, 17, 18, 19 and 20)
Secure document storage (GDPR Article 35)
Policy distribution (GDPR Article 30)

Other aspects of the Intranet, include a Calendar based, messaging and notification system, which provides automated date sensitive warning notifications, configured to reflect the strict time deadlines that appear in the Regulation. For example, in the case of a breach, a report must be sent to the ICO within 72-hours. The Breach Reporting module facilitates the collection of all necessary information, whilst providing time sensitive warning notices at strategic times, to the DPO and/or other nominated staff. If a report has not been submitted by the time that 60 hours have elapsed, an emergency warning message is generated and sent to the MD/Owner or other senior persons, as required.

Information Technology
GDPR requires secure IT networks and systems at both a physical and system level. These requirements are fully understood by the RedDrum GDPR team and can be provided for any organisation.

RedDrum is a specialist IT provider, working with some of the largest and most renowned companies in the country, some of which operate globally. All design and implementation of systems is undertaken in-house by engineers competent in a wide range of Industry Standard systems and technologies. These include Cisco, Meraki, Windows Server based networks, Linux, Amazon and a wide range of software applications.

Practical Help
Please contact Paul or Mark for an informal discussion regarding GDPR and achieving compliance. Every business will be at a different stage and will have varying requirements. Many will not yet have considered GDPR implementation or will be unsure as to what to do, to start the compliance process.

RedDrum can help, providing a service that can simply be advisory, through to taking complete charge of an implementation. GDPR dictates that certain businesses have to appoint a Data Protection Officer (DPO) and, strategically speaking, it is beneficial to have a named Data Protection Officer, for any company of a reasonable size. A DPO must be suitably trained and qualified. The legislation specifically prohibits appointing certain internal staff. The legislation allows for the appointment of an external DPO for a company. RedDrum can provide a named DPO to act on behalf of a company, performing the specific roles that the legislation dictates.

GDPR Compliance Implementation - 5.0 out of 5 based on 1 vote
Fraud and Cybercrime

Fraud and Cybercrime

Article 3 - Current Cybercrimes - SpearPhishingIntroduction In the 1960’s criminals were much more visible. They would dress up in balaclavas, carry…
Ikaros Solar


Founded in 2007, the WElink Group is a specialised renewable energy company with extensive experience of solar project development and the design…
Fraud and Cybercrime

Fraud and Cybercrime

Article 2 - Technical Requirements of a Computer NetworkIntroduction The problem that most businesses face is that they do not have access to…