
Lucid Networks Ltd is Registered in England No 07420251.  Registered Office: Greenheys Building, Manchester Science Park, Pencroft Way, Manchester M15 6JJ
Website copyright (c) All rights reserved 2017/2018

GDPR 

General Data Protection Regulation (GDPR) is an EU directive, effective from 25th May 2018.

 

It creates a standard approach to the processing and use of personal data across Europe, with the risk of significant fines for non-compliance.

 

GDPR says that personal data should be:

  • Lawful, appropriate & fair – in the way that it is processed;

  • Collected for a specific purpose – and retained in a manner compatible with that purpose;

  • Adequate, relevant & limited – to what is necessary in relation to the purposes for which it is processed;

  • Kept no longer than is necessary;

  • Accurate & up-to-date – in keeping with the technical and organisational measures required by GDPR in order to safeguard the rights and freedoms of individuals;

  • Processed securely – using appropriate technical or organisational measures, which will protect against unauthorised or unlawful processing and accidental loss, destruction or damage.

Customer Focus

Sector: Healthcare

Requirements:

Become GDPR fundamentals certified

Our solution:

  • GDPR gap analysis

  • Technical consultancy to put IT infrastructure controls and systems in place to meet the standard.

  • Lucid gathered all evidence and managed the certification process.

  • GDPR fundamentals certification in 5 working days.

Customer Benefits:

  • Compliance towards GDPR

  • Clients trust that company data is adequately protected.
  • Personal data is processed securely, reducing the risk of a data breach.

If you are a data controller and/or processor, GDPR expands on and replaces the current Data Protection Act, and creates new responsibilities if you’re handling special categories of information.

 

Examples of where you may be collecting and processing this data include:

  • Direct marketing through an email mailing list

  • Personnel discussions via instant messenger or email

  • Customer data input into CRMs, cloud management systems etc.

GDPR makes it your responsibility to safeguard that information, and ensure it's processed legally and fairly.

 

At Lucid we’re committed to helping clients implement the practical IT actions needed in response to GDPR.

 

Our advice to clients is to avoid the uncertainty surrounding GDPR, create an action plan, and use your compliance journey as an opportunity for organisational improvement.

GDPR Fundamentals

GDPR Fundamentals is a data protection standard devised to assist organisations in their efforts to comply with the GDPR directive.

 

It applies to any organisation that is a:

 

  • Data Controller – collects personally identifying information and determines how it is processed

 

  • Data Processor – processes personally identifying information on behalf of a data controller

 

And who:

  • Operates in the EU

 

  • Handles information concerning data subjects located in the EU

 

It has been developed by QG Management Standards, one of the 5 bodies approved by the government to oversee the Cyber Essentials standard.

 

QG Management Standards have applied the Cyber Essentials methodology to the requirements of GDPR, producing the only practicable framework available in the UK to assist with compliance.

 

The methodology is delivered in the form of a questionnaire, which our GDPR fundamentals practitioners use to assess your systems and policies against the demands of the standard.

Lucid's ABC approach to GDPR certification

We break the roadmap to compliance with the GDPR Essentials standard down into a three-stage process, making it ABC simple:

 

A. Analysis

  • A consultancy engagement to carry out a GDPR gap analysis

  • An action plan presented to all key stakeholders

 

B. Business actions

Targeted and practical solutions including:

  • Technical solutions

  • Consultancy

  • Policy reviews

  • Training and education

 

Once you’ve acted, you’ll then be ready for…

 

C. Certification

With risks identified in A and mitigated in B, you’ll be ready for GDPR Fundamentals certification.

 

Our qualified practitioner will undertake a final consulting engagement, allowing them to gather the evidence necessary to demonstrate your achievement of the standard, before reporting to the awarding body on your behalf.