We are pleased to announce that Naome Harrison, our Quality and Assurance Manager, has become a Certified EU General Data Protection Regulation Practitioner! After spending time learning from the experts on how to meet the requirements of the EU GDPR to help us get ready for the impending regulation, we caught up with Naome to find out more about what the course involved and what her new practitioner status means for Intercity Technology…
What did the GDPR Practitioner course and assessment involve?
The GDPR Practitioner course was split into two parts; GDPR Foundation and GDPR Practitioner. The foundation was a one-day course with an exam at the end of the day. The aim of the courses was to provide a comprehensive introduction to GDPR and a practical understanding of the implications and legal requirements. The foundation was a pre-requisite of moving onto the GDPR practitioner course.
The GDPR practitioner course took place over four days with an independent APMG exam at the end of day four. The courses aim was for the candidate to gain knowledge and skills to implement an effective compliance programme and fulfil the role of the Data Protection Officer (DPO) under the GDPR. Under the new EU data protection regulations, the appointment of a Data Protection Officer (DPO) will be mandatory for controllers and processors in the public sector or for companies processing large scale systematic data. The obligations for this new and challenging role will require insight into cyber threats, risks, data breach management, secure design and secure by default principles, privacy compliance and the legal spectrum of the GDPR.
What does this now mean for your role and Intercity Technology?
It is a legal compliance for Intercity Technology to comply with GDPR by the 25th May 2018. Attending the course qualifies me to be a Data Protection Officer (DPO), so I can ensure that as a business we have the correct knowledge to drive the GDPR project and continued compliance forward. The DPO role is compatible with my current role of Quality and Assurance Manager and ensures the business has a DPO representative who doesn’t have a conflict of interest.
What have you learnt?
There is a lot of work to do! On a more serious note, data protection and GDPR is a hot topic on everyone’s lips at the moment and I think Intercity Technology has a good front foot in ensuring compliance due to us having an established IMS (Integrated Management System), which includes ISO27001 – Information Security, ISO20000 – Service Management & ISO9001 – Quality Management and CyberEssentials. We also host the majority of our own data so we have a good grip of where personal data is being stored.
Naome will be talking about how Intercity Technology has approached GDPR, as well as holding a Q&A session at our GDPR event in London on Tuesday 19th September, in conjunction with Juniper and thinkfortytwo.
As 25th May 2018 looms closer, Information Security personnel and anybody responsible for data protection should be ready to ensure that their organisation has completed their GDPR compliance...