Are you collecting laptops and devices from furloughed or redundant employees? Are your employees returning to work?
If so, do you require non-intrusive audits of all your company devices and laptops to make sure they are all updated and compliant under the Data Protection Act 2018 and GDPR?
The General Data Protection Regulation (GDPR), the UK’s Data Protection Act 2018 and many other international privacy laws require all organisations to update and monitor their procedures on how personal information must be handled and protected.
With many of us slowly returning to the office in response to the COVID-19 recovery, there has been an increased focus on ensuring all your company devices and laptops are secure and updated.
We urge all organisations to perform non-intrusive audits on all company devices, laptops and phones to confirm that your company data and any personal data remain secure and have not inadvertently been leaked or breached.
There is also the threat of disgruntled employees who have either been made redundant or furloughed, yet are still in possession of your company devices and confidential information. Have they had access to the network during this pandemic? If so, what information have they accessed, downloaded or leaked to others?
Data protection rules are clear and concise, yet they potentially carry substantial financial penalties for non-compliance and significant reputational harm.
Contact us at TenIntelligence and we can talk through the process and improve your posture around protecting personal data and compliance, including Audit & Assessment, Virtual Data Protection Officers and Breach & Incident Response.
How we can help
- Conduct information audits across the organisation to review, identify and assess the data being held
- Conduct specific Data Flow assessments providing Gap Analysis to identify control weaknesses, strengths and areas for development
- Work with the organisation to design and implement appropriate technical and internal measures to ensure Data Protection is designed into all processes
- Work with the organisation to design a Data Privacy Impact Analysis framework linking to pre-existing risk management and project management processes
- Review the processing of data, identify and document the lawful basis for the processing activities, including clear and concise consent mechanisms
- Review the GDPR risks on the organisation’s Risk Register and create the critical list of control weaknesses versus actions required by the GDPR legislation
- Complete a review of, and/or develop, the framework of policies and procedures needed to ensure GDPR audit compliance and provide a plan for Data Protection or Privacy by Design documentation
- Monitor compliance with data protection policies, regularly review the effectiveness of handling/processing personal data and update security controls
- Develop and provide a clear Road Map needed for regular review of security access and controls to ensure privacy and security of personal data resulting in a documented Data Protection Impact Assessment framework
- Help the organisation develop a staff training and awareness program