GDPR with CyberSmart

GDPR is relatively complicated and there is no one-stop shop, due to the complexity of the law.
CyberSmart is approaching GDPR a bit differently from lawyers or consultants.

We are combining GDPR requirements with cyber security because we believe that updating a privacy policy won’t be sufficient. That is why we are using a framework called IASME Governance, which is regarded as a mini version of ISO 27001. It includes best practices around data protection, risk mitigation and cyber security and is designed for SMBs.

Once you have successfully implemented the guidelines, you will have reduced your cyber risk by over 80% and have lots of evidence for the Information Commission Officer regarding GDPR compliance. You will also get an official IASME certification that is widely recognised (Note: there is no official GDPR certification from the government yet) and you will have laid a solid foundation for your organisation around data protection and cyber security.

We are thrilled to start this journey with you!

Your team at CyberSmart

How CyberSmart helps you get GDPR ready

We deliver simple policies, secure individual devices and help you as much as we can via our SaaS platform and customer support. We can’t do everything for you – but we will tell you what you have to do. Unfortunately, meeting all the requirements can’t be done in a day and you will have to stick with us for a couple of weeks, but we are working incredibly hard to streamline as much as we can and get you GDPR ready in no time.

We are currently testing our GDPR/IASME add-on with a handful of our existing customers and will be launching in mid-April. Pop in your details and we will be in touch shortly!

Your Journey to GDPR compliance explained

As you may already know, there is no golden bullet for GDPR.

It requires: smart software and support (from us), a review and rollout (from you) and potentially some support from third parties (from them).

Here we break down exactly what’s involved in your journey to GDPR compliance.

1. What we do

(from us)

We provide the key support to take your GDPR readiness implementation journey from months to days.

  • Toolkit: Provide all the policies and documents you need to review, implement and manage GDPR
    • Core documents – data mapping, data privacy impact assessment, asset register, business continuity plan, security incident form and more
    • Custom written, easy to understand SMB friendly policies
    • As well as core documents we provide some nice bonuses – sample privacy forms, supplier review documents
  • Starter ISMS (Information Security Management System)
    • Following the IASME framework – mini ISO 27001
    • Digital policy distribution
    • Audit trail and recording of compliance
  • Security: Ensure user devices meet reasonable measures
    • We check
    • We secure
    • Ongoing reporting
  • Certification:
    • Once the toolkit has been implemented throughout your organisation, we certify you to the IASME Governance + GDPR readiness standard
    • Receive a badge of certification you can use to demonstrate compliance

2. What you do

(from you)

  • Conduct the data mapping, data privacy impact assessments and update policies
    • We provide all the templates for this to streamline implementation and ensure activities are in line with legal requirements
  • Make process and supplier changes as a result of the assessments
    • For example:
      • how you collect consent
      • forms for users to view, edit and delete their data
      • data retention procedures
    • Review and document the suppliers who process your personal data
  • Re-obtain consent and remove any data no longer needed
    • At next logical point
    • Data purge anything no longer required
  • Training – it’s important those handling personal data are aware of what GDPR is and how to respond to custom queries regarding this
    • Explain the importance and relevance to their day jobs
    • Develop simple step by step guides they can follow for processes
  • Potentially: If you have custom software you have developed which handles personally identifiable information
    • You will need to ensure this complies and builds in “Privacy by Design” principles (obtaining proper consent, processes for edit/removal etc)

3. What third parties do

(they do)

These are third parties which may be supporting you in your efforts. In some cases these functions may exist within your organisation – such as an in house legal counsel or internal tech team.

  • Lawyers
    • review your basis for processing
    • revise your legal terms
    • we can recommend SMB friendly lawyers if you need
  • Tech team – if you don’t manage your own IT systems
    • you will need to ask your managed service provider to make some security changes for you – we will tell you what these are
    • Don’t worry – we work directly with your tech team (internal or external) in order to ensure you are technically compliant

While you wait...

If you want to get GDPR ready with CyberSmart and you are not Cyber Essentials certified yet, you can start now, as it is a part of the IASME/GDPR requirement.

Secure by Culture

Simple and Smart

We believe security should never hinder progress. That’s why our entire platform is designed with user-friendliness in mind.

Plain English

Compliance standards can be confusing. That’s why we took out all the jargon. Technical aspects are always explained.

Live Support

Our compliance specialists are on standby in case you have any questions or just want to have a chat.

Free Cyber Insurance

Receive £25,000 worth of cyber incident coverage with Cyber Essentials certifications (terms apply).

Secure by Design

Built with security in mind

From architecture through to testing, security is at the core of our platform. Built by security specialists.

Clever Integrations

We seamlessly integrate with Microsoft 365 and G-Suite to make deployment and management even easier.

Rapid Certification

Our platform is the fastest, cheapest and easiest way to achieve Cyber Essentials. Certificates are issued within 24 hours.

Easy Deployment

CyberSmart can be deployed without sending a technician on-site. But of course, we are always here to help.

Want to find out more?

Not sure how CyberSmart works or which certification to get?