the tip of an (or the) iceberg
phrase of iceberg
  1. the small perceptible part of a much larger situation or problem that remains hidden.
    “detected fraud is only the tip of the iceberg”
Navigating your way around the GDPR can be a minefield and most companies just don’t know where to start.  We’ve created this infographic to show the main areas that the GDPR covers and to help businesses get started.  The points listed below are just ‘the tip of the iceberg’, for a much wider picture and to gather more in-depth information that might be relevant to your circumstances, please take a look at www.ico.org.uk and in particular their very useful 12 steps to take now
GDPR Guide 1

Wondering whether you hold any sensitive data?  What is sensitive data? Where you can find it? & How you can secure it?

In a nutshell, sensitive data is any data a business considers to be confidential, and that which is bound by regulatory compliance initiatives such as the GDPR.

To break it down, it can be split into 3 sections:

  • Personally Identifiable Information (PII)
  • Business Information 
  • Classified Information

This includes, but isn’t limited to, information relating to race or ethnic origin, political opinions, religious beliefs, trade union activities, physical and mental health, sexual life, criminal activity, financial information, health care records, employment records, education records, trade secrets, sales and marketing plans, new product launches, patentable inventions, customer & supplier information, financial data, special security classification data and anything that poses a threat to national security.

Businesses, individuals and the government have a day-to-day responsibility to protect sensitive data; they have had this responsibility for 20 years with the Data Protection Act.  Now it’s become more important and necessary with the introduction of the GDPR, which comes into force on May 25th 2018.  Non-compliance can lead to significant reputational damage as well as heavy fines.

As a business you need to determine How sensitive the data you have is? Who has access to it? Can you see who has access to it? & most importantly Is it secure?

Start by searching through all your company data and classifying it by putting it into sections relevant to the above categories, set tags on the data to indicate what sensitive information it contains and who can & should have access to it.  Set access permissions on that data to ensure its secure and finally set alerts to notify you if there is any unauthorised access or threats to your data.

To get you started, take a look at this 12 Step Guide the Information Commissioner’s Office (ICO) have produced – its a great start to getting organised and may stop you getting a heavy fine or having your data compromised.