GDPR READY
GDPR READY makes GDPR easy for small businesses
It’s fairly straightforward to be GDPR READY. zuutech helps small businesses meet the security part of their GDPR requirements outlined in the steps below. Our technical team will manage your computer security (anti-virus, operating system and software) and your mobile phone security, and back up your data.
Our team will actually install, set up and manage your security.
GDPR READY doesn’t just meet the basic requirements of GDPR compliance; it also demonstrates that, in the spirit of the new law, your business takes its responsibilities seriously and has gone the extra mile. For instance, zuutech’s Managed Computer Security, while costing roughly the same as straightforward anti-virus software, goes way beyond this. Not only does it include managed anti-virus, it also includes managed operating system and software security updating and patching.
And of course we can’t forget mobile phone security. We live on our smartphones after all and use them every day, all day. They’re used for email, banking, shopping and socialising, as well as to surf the Internet, watch videos and play games. And we watch, download and click on advertising. Our phones need to be protected.
Another important part of GDPR READY is encrypted backup. Never mind that GDPR requires it: any business that does not encrypt and back up its files offsite is putting itself at risk. That data is your business, and without it your business will suffer. In the case of complete data loss, 90% of businesses close within a year. Backup is your last line of defense. Like computer and mobile phone security, it’s simply not optional.
zuutech’s GDPR READY service is security software as well as a security team to manage it.
The 7 steps to be GDPR READY
Device Security, Data Security and Data Organisation are at the heart of GDPR and we’ve broken that down into 7 steps for small businesses.
1. GDPR Managed Cyber Security and Backup
1. Sign up for GDPR READY and enter the number of devices that require each service.
2. After signing up you’ll connect to our technicians who will then install and configure the GDPR READY service for you. Your technician will:
- install the security software and run a full security scan
- update your operating system and software
- set up your backup
- check to see if you have Microsoft OneDrive, Google Drive or iCloud, as they need to be backed up as well
- check if there are other folders that need backing up
- launch the first backup
3. You can use your computer while the first backup is running, and your technician will remain on hand for a while to check everything is running as it should.
2. GDPR Data Organisation
Once you’re set up, we recommend that you gather and organise your data. This includes all data – whether on computers, mobile phones or tablets.
You need to pull all your data together into central locations with a common filing structure. Ideally, each client would have a folder with all their personal information in it. As most people use Microsoft Word and Excel, we recommend that you sign up for Office 365, as it comes with OneDrive, which is very good as a central file store and sharing system.
It doesn’t matter which version you use, although we recommend Office 365 Business or Business Premium. We can help you set this up as well should you need assistance. OneDrive is a virtual hard drive and should be backed up. Once you’ve organised your data, connect to the support team by clicking the support icon on your desktop and tell the technician you need to back up your OneDrive, and they will configure it for you.
Register with the ICO (Information Commissioner’s Office).
3. GDPR Partners & Suppliers
You need to check with your partners and suppliers that they are GDPR compliant. There are two parts to this:
1. Are they themselves compliant?
2. Do they help you be compliant? i.e. if you have customer or staff data on their services, can you pass this data to your customers and staff if they request it?
4. GDPR Newsletters
The days of opt-out, or of adding people to your mailing list because they gave you a business card, are over. Clean up your newsletter list and remove people who haven’t opened your newsletter emails recently. If you’re not on a proper email list service, we strongly recommend that you sign up for one such as Mailchimp.
Going forward, people need to tick an opt-in to be added to your newsletter list and all newsletter emails you send should include an unsubscribe link.
5. GDPR Cookies, Privacy Policy and T&Cs
You need to update the cookie notice on your website to include a short synopsis of cookies you use, your privacy policy and T&Cs. This must be in plain language and explain to visitors and clients what information you collect, why it’s necessary and who you share it with.
6. GDPR DPO Process
You should have a document that outlines the locations of the data you hold and the steps necessary to provide, amend or erase your customer and staff data on your various systems when requested.
This document will need to stay current, and any changes to your systems should be reflected in it. As it can be difficult to continually update processes, we recommend keeping a ‘change log’ in the GDPR Process document where changes can be quickly added at the time so they are not forgotten, and then the document can be properly updated every three months.
7. Stay GDPR READY
1. Your security, operating system and software updates will be managed for you
- if there are any anomalies, our technicians will first try to resolve any issues in the background, pushing directly from server to computer
- if this doesn’t resolve the issue, a technician will be available to remotely connect to your computer and fix it for you – for no additional cost
- if you ever need to update what you’re backing up or need assistance with your backup, technicians are at hand directly from your computer desktop – for no extra cost
2. Keep your data organised
3. Keep your DPO processes up to date
Once you’ve done this, you’ll be ready for GDPR and it should be fairly straightforward to stay on top of things going forward.
REMEMBER: Anyone who has just 1 customer or staff member MUST be GDPR compliant.