On 13th March, 2018, around 350 attendees from local businesses and organisations joined me and speakers from Leathes Prior, Selesti and Breakwater IT to hear us speak about various aspects of preparing their organisations for the GDPR (General Data Protection Regulation). I spoke for around 20 minutes on the importance of Cyber Security as part of your GDPR compliance strategy.
The event was sold out, and over-subscribed – I believe it was the most subscribed event in the history of the Norfolk Chamber. I think that’s indicative of how much organisations are still trying to get to grips with GDPR, but it’s really positive to see the number that are giving it serious attention.
All of the speakers concentrated very much on their areas of specialisation such as lawful basis for processing, marketing etc. This was highlighted not only in the presentations, but in the panel Q&A at the end where much “mic passing” ensued with each of the speakers answering questions within their area of specialism.
Within your organisation, addressing Data Protection and GDPR requires a multi-disciplinary approach – there are many stakeholders to engage in the process, and they need to work together. If you’re getting in outside help, particularly if your concern is GDPR for small businesses, keep that in mind too. You may need specialists in more than one area to help – Legal, Marketing, IT, Cyber Security, for example. If you can find specialists who work well together, and are happy to focus on their specialist areas and collaborate with each other, as well as your teams, approaching things on a partnership basis, I believe that’s an optimal route to success.
From a personal perspective, I felt pretty comfortable presenting in front of a much larger audience than I have done before, and this served to reinforce something that I’ve known for a while – preparation is key. I often speak to groups of 10-30 people using bullet points only to guide me, but this was slightly different – so I prepared differently. I scripted, and I built my slides around that. I practised, recorded and timed my presentation in advance. And I made some tweaks. But I felt prepared.
That preparation helped me hugely, and there’s a parallel with Security and GDPR generally, but especially with the particular aspect that I spoke about – Incident and Breach Response plans. These are critical to your Cyber Security and GDPR strategy. Because for all the preparation you do, and all the preventative measures you put in place, you can never be 100% sure of preventing security incidents or breaches.
Having clearly defined response plans in place, and practising them, can really help you be prepared for the worst, can have a huge bearing on how your organisation recovers from an incident or breach, and on how effectively you can adhere to the Breach Notification requirements within GDPR. I’d urge any business to consider these plans ASAP, remembering that May 2018, preparation is key.