GDPR: Key elements for businesses to consider

GDPR is now fully enforced and applies to all businesses that process sensitive data, regardless of sector. It’s been argued that GDPR could pose a threat to the innovation afforded by correctly utilising big data to make smarter decisions.

The key element to consider with GDPR is that it only applies to Personally Identifiable Information (PII); this is the data you need to protect and identify more consumer-led methods of processing. Consent is key, with businesses heavily sanctioned for using data without explicit individual consent.

For businesses that still aren’t confident about whether they’re compliant with GDPR, here’s 4 key areas you should be looking at as a priority.

1. Protecting your digital data

All businesses are processing more data than ever before, including sensitive data. Many businesses that don’t store customers’ personal information make the mistake of thinking this doesn’t apply to them; however, all businesses will at the very least hold employee information. Therefore, all businesses must put measures in place to safeguard that digitally-stored data.

Cyber-security is a key tenant in GDPR compliance. By building your walls of defence and making them as high and complex as possible, you not only drastically reduce the risk of your data being breached or stolen, but in the event a hacker does get through, you’ll be able to prove to the Information Commissioner’s Office (ICO) that you put those measures in place. That itself is more important to the data protection governing body than experiencing a breach itself.

2. Start by encrypting your data

The cyber-security solution that should be at the top of your list is encryption; not only is it a robust way to keep your data inaccessible to cyber criminals, it’s recommended throughout the full GDPR documentation. Should any PII data you hold fall into the wrong hands – whether deliberately or accidentally – encryption will render it unintelligible. Encryption can operate at a file, folder, device or even server level, offering the level of protection most suited to your business needs. However, it’s not the only security measure you should implement; a multi-layered approach to cyber-security mean hackers are less likely to reach the pot of gold at the end: your data.

3. Evaluate how your process data

Aside of cyber-security measures, the other key area you need to revisit is your policies and processes. The GDPR states that data controllers must “adopt internal policies and implement measures which meet in particular the principles of data protection by design and data protection by default.” All new policies, whether specifically related to GDPR or not, must be compiled with a ‘privacy by design’ model. Existing policies, including your data protection policy, privacy policy and training policy should also be reviewed in light of GDPR.

4. Don’t panic if you experience a cyber-attack

It’s important to understand what happens if the worst happens and the hackers break through your walls of defence. Whilst businesses are most fearful of experiencing a data leak, not reporting it to the ICO could be considered a bigger infraction than the breach itself. Businesses must report it to the Information Commissioner’s Office (ICO) within 72 hours of discovery. It’s especially important to note this, as failing to meet this obligation could be considered a bigger breach of the GDPR than the data leak itself.

It’s encouraging to know that you don’t have to report every single data breach to the ICO. For example, if an employee loses a business-issued smartphone that has been encrypted, you don’t need to report it because your data will be inaccessible. It’s best to check the ICO’s guidance to find out exactly what you need to report.

Bio: Natasha Bougourd is Lead Applications Writer at TSG, specialising in IT support, Office 365, GDPR and business intelligence.

TSG is an IT support company that has expertise across a wide range of technologies, from SharePoint document management, Office 365 to Sage and Pegasus ERP solutions to IT support, infrastructure and cyber-security solutions. Holding 8 Microsoft Gold competencies, TSG places focus on a highly-skilled and qualified workforce with over 1000 recognised accreditations between its team of experts, including MSCE Certifications, Prince2 and ITIL qualifications. Read more from TSG, on their blog: here

Latest issue

  • 1


  • 1

Latest windows:

  • 1


  • The changing definition of luxury +

    Read More
  • CES 2019: 5 Key Takeaways +

    Read More
  • Health & Beauty 2019: Educate, Play, Share +

    Read More
  • 1

Out & About

  • Art Basel Miami 2018: Highlights +

    Read More
  • Out & About: London Design Festival 2018 +

    Read More
  • Out & About: Retail Design Expo 2018 +

    Read More
  • 1


  • How supermarkets are checking out the waste problem +

    Read More
  • Quinine’s seven-part webinar series +

    Read More
  • How will Brexit affect the UK’s imports and exports? +

    Read More
  • 1

Exclusive Q&A


Stephen Briars,
Creative Director,
The Conran Shop


Search Our Site



We use cookies to improve our website and your experience when using it. Cookies used for the essential operation of the site have already been set. To find out more about the cookies we use and how to delete them, see our privacy policy.

I accept cookies from this site.

EU Cookie Directive Module Information