
Get Compliant. Stay Compliant. 6 ways to stay GDPR proof, 6 months on

More and more, we have been hearing about companies who are not yet fully compliant with GDPR. For its latest annual CIO survey, KPMG spoke to 3,958 tech execs, with a worrying number of respondents saying in April that they expected not to meet the already lapsed May 25 deadline. These execs are working at organisations with a combined security spend of up to US$46 billion. The biggest reason they named for not being compliant? The complexity of the regulation itself. GDPR is not easy, that’s a fact. But can you let the complexity of new process implementation be the reason you potentially get fined €20 million or 4% of your global turnover? The complexity doesn’t have to win. Follow these 6 best practices for getting and keeping your data compliant and let GDPR be a past worry:

 1. Keep your data registry clean

Data is everywhere in organisations, from the visitors’ book in reception to the list of kids’ names for the annual Christmas fun day. Passport copies are often held on shared drives to meet

If you keep the focus of the business analyst team on discovering personal data and the processes for handling it, then you have the majority of what is needed for entries into the data registry.

The difficulty is having an open mind as to where personal data is stored. Your GDPR consultants will have this knowledge. Here are some examples we find that an expert in GDPR is more likely to discover:

  • The visitors’ sign-in book at reception
  • A waiting list for procedures in a hospital
  • CCTV footage of customers in your business
  • Scans of passports for KYC checks
  • Family and next of kin data, held for HR or social reasons
  • CVs of people in email trails or attached to calendar invites
  • Citizenship data for travel or visas

These are all areas where personal data is being kept, yet they would not be that obvious to most. According to a Veritas study, 52% of all data stored by organisations falls into these non-obvious categories.

If you don’t know what data you hold, where it is and who has access to it, you are in breach of the GDPR. Mid-sized SMEs must keep auditable records of all processing of personal data, but without a detailed description of the processes by which this data is managed, it will be hard for any organisation to prove compliance under this principle of accountability.

 2. The tools to aid you are there

You need to note the security of the systems that process personal data, and ensure you have adequate, state-of-the-art technology in place to protect it at all times. The hackers you are protecting your data against will be using the latest hacking tools as they become available.

There are several tools on the market which allow you to document and map your data processes and add these processes to your enterprise architecture documentation, if you have such systems. GDPR promotes the use of a data registry for gathering basic information on data processes. The data registry will be the basis on which you audit your data processes and the data that flows through your organisation. With the right data management policies and processes, it is easier to comply with the GDPR.

 3. Keep watch of the dark data

As mentioned above, if you integrate the correct technical tools into your data processes, you can also use tools to discover the more concealed data. These tools can discover the content, location and security controls of the data. Most businesses don’t know where this dark data resides, but it costs money to store and it can also attract a regulation breach and associated fines. Use the tools to delete data you don’t need and put in place the policies and procedures that will prevent the problem of unnecessary data gathering from recurring.

4. Establish processes to quickly adhere to data subject requests

Under the GDPR, each individual, aka Data Subject, within the EU will get new and improved rights around the management of their personal data. For example, each data subject has the right to have a copy of all the personal data that you hold on them, the right to have this data forgotten and deleted or to correct any errors in the data, to have its processing restricted, or request a copy of their personal data to take to another organisation. These requests must be fulfilled within a maximum of 30 days from the initial request. These timelines may look achievable, but there are many considerations:

  • The amount of personal data that many organisations hold on individuals
  • The time it takes to consider the legality of the request
  • Proving the individual is who they say they are
  • Retrieving the data in all its different formats, from numerous systems
  • Reading it while focusing on just the personal data
  • Considering what data can be held back for other legal or commercial considerations
  • Gaining any compliance approvals

 5. Establish the correct practices to meet timelines

To meet the data subject requests, you will need to put in place processes to quickly pull together the personal data you can discover and forward it to a compliance expert for review. You need to ensure the company has a consistent process, so that it is not left to individual departments to come up with their own styles of approach.

You need to create procedures to ensure the personal data is:

  • Disclosed correctly as part of the data subject request
  • Deleted when a right to be forgotten request arrives
  • Corrected if needed by the data subject
  • Exportable to a data subject if they want to port to another company
  • Restricted in electronic processes if the data subject objects to the processing

All of the above also needs to be recorded in auditable logs so that you can prove compliance to the data commissioner on request.

6. Invest in the right technology and security

The integrity and confidentiality principle in the GDPR requires that personal data be protected from loss, damage and destruction. It is therefore critical to make sure that the data is backed up securely so you can recover it, and that any data you remove from systems is also removed from backups and redundant systems. This would also cover the secure destruction or wiping of hard drives, USB devices, scanners and print devices.

There are numerous ways data can exit a company, and often the simplest ways are via tools on individuals’ desktops or multi-function printers that are not normally restricted.

Even if you have already completed your data discovery phase, employees in your company will constantly be refreshing and adding new data to the business. This needs to be looked at regularly, as new (or indeed old) personal data can be scattered across multiple devices, cloud tools, network shares, personal mobile devices and backup systems.

So what's next?

Even though the deadline day has come and gone, businesses are still scrambling to ensure that the data regulator doesn’t come knocking at their door. Just because it’s not all over every news outlet and social media channel anymore doesn’t mean that GDPR is not still an issue. If you haven’t made sure every single one of your processes is transparent and efficient, you will suffer at some stage. Follow these 6 steps regularly and thoroughly and you will ensure that your data is protected and compliant, and that your company will not be hit with a hefty fine. If what the survey says is true, and complexity is holding you back, speak to an expert like Ergo. Use their services. What have you got to lose? A lot.

Diarmaid Flynn
02 November 2018 • Posted By Diarmaid Flynn Client Services Director
