A ten-point plan for GDPR: Sellick Partnership has its finger on the pulse

With fewer than 100 days to go before the General Data Protection Regulation (GDPR) comes into effect, it really is crunch time for businesses that haven’t started planning.

The GDPR aims to unify privacy laws across Europe and protect the data of EU citizens. This means that any business holding data of European citizens, whether they be customers or employees, must adhere to the GDPR or face the penalties. In other words, Brexit is not a get-out clause.

With such a big change on the horizon for small businesses across the country, Real Business will present a few case studies on how others have approached the task of becoming GDPR compliant. First up, we spoke to Jo Sellick, MD of Sellick Partnership.

Established in 2002, Sellick Partnership is a professional services recruitment firm providing recruitment solutions to the private, public and not-for-profit sectors.

Its consultants operate nationwide from offices in Manchester, Derby, Liverpool, Leeds, London, Newcastle and Stoke, providing both employers and jobseekers with a full recruitment service.

We place great importance on the safety and security of our customer and employee data. All data is stored in state-of-the-art database systems running on multiple servers housed in our onsite air-conditioned and secured data centre. An encrypted copy of all data is also stored offsite with changes to onsite data replicated each night.

Access to the data is controlled and restricted by UTM (unified threat management) firewalls which deploy DLP (data loss prevention) policies and scan all traffic for viruses. We are also fully prepared for the requirements laid out by the forthcoming GDPR regulations and our internal procedures meet the stringent requirements of our ISO 9001:2015 certification.

We heard about GDPR early on in the process and I welcomed this change in legislation. However, the guidance initially provided was inconsistent and confusing. It was therefore important for us to break this down, and ensure we understood each part so we were prepared to discuss the changes with our clients and candidates.

(1) Elect a GDPR project team. This team will have overall responsibility for compliance with the new legislation and will be the point of contact for information requests from individuals and the Information Commissioner’s Office.

(2) Develop an internal communication plan to ensure everybody in the organisation has a clear understanding of the principles of the GDPR and what our internal policies and procedures are to protect personal information.

(6) Contact everyone in our supply chain involved in processing and storing personal data to ensure they are correctly complying with the legislation.

It is crucially important to ensure businesses have a plan of action to deal with information requests and data breaches within the required time constraints. This is an area I feel many small businesses may neglect to spend time on. I would hope we never need to use this plan, but as the timescales are so tight you need a plan of action as a precautionary measure.

My initial advice would be to try not to panic. It is important for companies to remember that although the new regulations are daunting, there is still time to become fully compliant. I would also advise all business leaders to attend sector-specific seminars and to take as much advice as they possibly can. It is crucial that before you begin and ultimately your business specifically.