Understanding the GDPR using these 5 simple steps: IT Industry

The introduction of the European Union’s General Data Protection Regulation (GDPR) in May has caused quite a stir within the tech industry.

Any company which houses personal data about individuals in the EU is potentially exposed to a hefty fine in the event of any failure to comply with the GDPR, particularly in data security and management. If you have been a bit slow in getting your head around the impact of GDPR, start with these simple steps to properly assess any potential exposure.

1. Start at the source. GDPR has attracted a flurry of media attention and hundreds of articles (including this blog!) have appeared from all over the Web expressing a myriad of opinions on the topic. When this happens, it’s always good to go to the source of official policy and information to determine if the regulations apply to your business. Here is the EU’s GDPR website on the data protection reforms and what they mean for most businesses:

2. Work to the highest standard. When managing information digitally, it is natural to think about doing things in silos, where you segment your approach based on specific regional requirements. However, as attention on data protection continues to build and data protection regimes converge, it is often easier and better for your customers to treat all information you hold in the same manner – and to make sure that such information is treated in accordance with the highest data protection standards. Using IT security services will cover all the bases you need, on top of giving you visibility and advance warning of any potential threats that could harm your business.

3. Mitigate unnecessary collection risks. Another big question resulting from GDPR is: are we collecting more information than we actually need? It’s time to review how much personally identifiable information you are collecting and whether the value of the information (now and in future) is worth the risks. It may be worth giving particular consideration to whether any “sensitive” personal information, such as health information, is collected and, if so, whether collecting such information is really necessary. With Australia also recently unveiling its mandatory breach disclosure scheme, now is a good time to undertake a data security audit and determine what personal information might be at risk. Go for reliable IT cybersecurity assessment companies that specialize in the safety and integrity of your data. As cyber attacks become alarmingly common among small to mid-sized businesses, having this kind of service will ensure that you have a security strategy in place.

4. But we already secure sensitive data. In that case, good. The GDPR requires data protection “by design” and “by default” and sets out certain practices that might meet this requirement including anonymising personal information. In this sense, GDPR is another driver to improve IT security practices in general, which is a positive step even if your organisation is not required to be GDPR compliant. This is similar to how the PCI Standard includes a number of prudent recommendations for improving how security and IT are managed, even if you don’t store credit card information.

5. Know your third-party risks. In addition to your internal practices, make sure any information you share with third parties does not breach any local or international regulations. The GDPR aims both to prevent the personal data of individuals in the EU being “traded” or used without an individual’s consent and to ensure such personal information is adequately protected even where it is transferred to third parties or overseas. Be crystal clear on what personal information your organisation may want to transfer to third parties and what they are permitted to do with it.

As an advanced safeguard, a managed detection and response (MDR) protocol will help augment existing security groundwork for businesses. Using MDR services will provide you with comprehensive data analysis and reporting, threat detection, incident response, and most of all, compliance.

The new GDPR and Australian data breach disclosure scheme indicate governments around the globe are prepared to act to help protect people’s privacy. But such increased focus on privacy should only be cause for concern if your organisation is not prepared or does not already have a reasonable security system in place.

Start by assessing the requirements and working towards compliance, which in most cases you will find goes a long way to improving how your organisation manages sensitive information.
