Depending on the size of your business, the GDPR may require you to maintain a register of data processing activities; but what activities should you record and does this apply to you? It can be daunting to know where to start in finding out what GDPR requirements apply to your business; therefore, it can be easy to get the wrong idea.

The problem

There is a misconception that the GDPR requirement to maintain a register of data processing activities only applies to businesses with over 250 employees. After some enquiries made to the UK’s data protection authority, the ICO, it appears that this is not the case!

Companies with under 250 employees need to maintain a register of ‘non-irregular’ (why can’t they just say ‘regular’?) processing activities, for example: collecting employees’ emergency contact details.

Companies with over 250 employees need to maintain a register of both irregular and non-irregular processing activities. An irregular processing activity is any processing activity outside of your usual business practice, for example, if an online casino (which has a requirement to collect your email address to provide their service) was to send you an email to advise you of a new line of business that they had started.

The solution

All businesses must maintain a register of non-irregular data processing activities, and the ICO has a page dedicated to help you comply with this requirement: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/documentation/how-do-we-document-our-processing-activities/

This page has a useful guide to help you capture and document your data processing activities, and the required additional data (such as purpose and data category) of the activity, to comply with the GDPR.

 

 

Cloud services offer solutions to a myriad of business problems, and more businesses of all shapes and sizes are choosing to adopt cloud solutions for their flexibility, efficiency, accessibility and strategic value. Do you want to securely share that sensitive document with a partner organisation, or easily manage your company accounts and payroll? Go ahead, there’s a cloud service for that.

The problem

What happens to your business’s data when you decide to stop using a certain cloud service? I’m sure you don’t want copies of your valuable intellectual property (IP), or personally identifiable information (PII) that you control or process leaking out into a competitor’s or cyber criminal’s hands, so you need to know how and when your data will be removed. Why?

Money.

Losing IP to a competitor will risk giving them the edge over you in a competitive market, losing you sales and return on investment on all that R&D spent to develop your IP.

Losing PII will not only undermine trust in your business but will have further ramifications under the GDPR and will probably net you a heavy fine from your local Data Protection Authority.

The solution

Any cloud service provider worth their salt should have a Data Retention and Disposal Policy that will inform you of when and how your data is securely removed should you need to remove that data, or if you decide to no longer use that service.

The big three cloud players, Amazon AWS, Microsoft Azure and Google Cloud, have well-documented policies that any service hosted on their infrastructure can provide to you. However, I’m surprised that many big names that run on their own cloud infrastructure are either hesitant to provide you with this information (as if it’s some trade secret) or just don’t have the relevant policies in place at all.

Remember to check that any cloud service you sign up to has robust policies in place for when you need your data to be removed, as well as making sure your data is secure whilst you’re using the service.

If you’re unsure about where you stand with cloud services and GDPR, don’t hesitate to contact us for more information.

 

Cloud computing can be simply described as the action of taking services and moving them outside of an organisation’s local servers or personal devices to access them via the internet. The services are usually used and paid for on an as-needed or pay-per-use basis.

The Key Types of Cloud Computing

Public Cloud
These are owned and operated by a third-party provider where accessing your account is done using the internet. All hardware, software and other infrastructure are owned by the third-party provider.

Private Cloud
A private Cloud resource is used exclusively by a single business and can also be located internally. It can also be managed by a third-party provider; however, the services and infrastructure would be located on a private network.

Hybrid Cloud
As the name suggests, this type of Cloud is a ‘Hybrid’ of the Public and Private Cloud types. Data is able to bounce between Public and Private Cloud systems, giving organisations greater flexibility and security.

Multi-Cloud
This type means that an organisation has multiple providers managing its Cloud infrastructure and applications. This allows you to place certain pieces of work where they perform best.

The Benefits of Cloud Computing

Instead of holding all services internally, organisations turn to storing their services externally in The Cloud to benefit from the following advantages:

  • Cost – Having The Cloud means there’s no need to spend money on buying hardware and software and setting up on-site data centres.
  • Security – You won’t have to worry about your company’s computer systems failing and losing all critical data and applications. Some Cloud providers even use remote servers to back up the data that they keep secure – so losing any information you’ve stored on The Cloud just isn’t possible.
  • Speed – Most Cloud providers allow customers to access their data on-demand, making access flexible and quick but not putting security at risk.
  • Access Anywhere, Anytime – Placing data into The Cloud means that any data can be available outside of an organisation’s IT system.
  • Reliability – Having a Cloud can give you peace of mind that your organisation is protected against losing data, potential disasters and the possible large costs it could take to recover lost information.
  • Scalability – The Cloud can evolve and grow with your business by delivering the right amount of IT resources exactly when and where it’s needed.

The Disadvantages of Cloud Computing

Even though we would recommend using Cloud Computing to store data, there are bound to be some disadvantages to the benefits of holding data outside of an organisation.

  • Bandwidth Limitations – Cloud providers may only allow a certain amount of data to be transferred across a given path at a time, which could mean additional costs if an organisation goes over the limit. At Economit, we can guide you through the best Cloud provider for you, to ensure that you are fully aware of the small print and any potential charges.
  • Data Security – Even though Cloud security is high, storing data outside of organisations and placing it into the responsibility of a provider can make some companies cautious. Before committing, be aware that you are passing sensitive information to a third-party provider. We can impartially and independently advise on the most reliable Cloud provider to ensure your information is as secure as possible.
  • Accessibility – If you’ve got no internet connection, you have no access to your stored services and data.
  • Data Management – The data management systems of an organisation don’t always suit a Cloud’s system and structure. We can help you greatly in this department by ensuring that your organisation works in line with your Cloud and vice versa.
  • Compliance – Depending on the type of industry your organisation is in, it may not be possible for you to work within The Cloud. Industries such as healthcare and financial have to be particularly careful about where their information and services are stored for security and access reasons.

If your business is in the East Midlands or London, contact us about your Cloud Computing needs. We offer independent, impartial assessments and guidance.

 

 

 

 

As a rule, SME organisations that don’t operate in the technology sector don’t employ technical staff who have the ability to question the IT status quo or make positive decisions in the best interests of the company they represent.

In fact, most SMEs tend to outsource their IT support to external providers and heavily rely on them to make critical IT decisions. And herein lies the problem…
Alongside outsourcing their IT support requirements, many SMEs also have the tendency to believe that these IT suppliers have the ability to make and offer strategic business level IT decisions as part of their operating deal.

This would be great if it was true but sadly isn’t the case. Instead, a lot of IT support companies prefer to offer reactive break/fix service models – which centre on the idea of “keeping the lights on” – rather than strategic tools that can help to make your business “better”.

Now, this isn’t to discredit this technique/approach as it is extremely important to keep your business’s “lights on” and operating. However, the scope of such a service is very narrow when you consider the vastly complicated digital world that we live in today.

Not only does this type of service traditionally not aim to digitally transform your business, it won’t enable you to experience the kind of growth and sales revenue that is possible from such endeavours. When placed on a larger scale, its sole goal is to enable you to get by.

That is why engaging with an independent and impartial senior IT professional – who can take responsibility for all things digital within your business – is so vital.

With their assistance you can: ensure that your costs remain controlled and minimised; reduce and even automate your manual processes (wherever possible), and most importantly, they can help you to achieve a tangible return on your IT expenditures which can ensure that your business is recognised as a digitally forward thinking organisation.

It goes without saying that cyber security is the tech theme of the moment. Yahoo! just had 1 billion accounts hacked the other day and there will no doubt be further high profile victims ready and waiting to be sprung in the media shortly. It’s inevitable. No individual or organisation is really completely safe. And don’t let anyone tell you otherwise.

But for the vast majority of businesses, getting the simple and basic things right will provide more than adequate protection against increasingly clever and resourceful cyber criminals. It’s also easier for smaller organisations to provide adequate protection for themselves as they typically have fewer locations storing data and the size of that data is minuscule in comparison to the likes of the Yahoo!s of this world. But the fact of the matter is that the majority of businesses don’t provide adequate protection. Not even close in fact.

A few years ago, the good ol’ government brought out a little gem of a standard – Cyber Essentials. Simply put, the standard ensures that anyone carrying its favourable marker is a reputable digital-faring business. A business that has got the basics right, the not-so basics pretty good and the definitely not basic catered for in its tech roadmap.

Cyber Essentials is a standard that Economit (and many other like-minded high tech IT consultancies) believes in. We have held the standard for a number of years now as have our esteemed client base. When applied correctly and to the letter of the law, Cyber Essentials ensures worthwhile policies and procedures are put in place and adhered to, adequate digital protection is in place across all devices (including mobile ones) and the personnel responsible for managing IT environments have standardised, clear and above all correct procedures to follow.

Why is this so important? Well, if you store digital data on your own, your customers’ or your suppliers’ behalf then it is your responsibility to protect that data and in turn the reputation of everyone concerned. In IT security terms, if you’re not part of the solution then by default, you’re part of the problem.

Contact us today to join our growing list of Cyber Essentials accredited companies such as Sygnature Discovery, Marlborough Group, Smith of Derby, Futures Advice and many others and prove you are serious about cyber security.

Planning for an upcoming budget can be a daunting and unwelcome task at the best of times. Especially IT budgets.

For businesses that operate without executive level technology input, planning for an IT budget could be almost seen as an impossibility. I don’t mean to discredit the many Finance Directors out there who have overall responsibility for IT in their organisations but I’ve said before that it’s a bit like getting a plumber to do an electrician’s work – and vice versa. For a start there are only two digits in IT – 1 and 0 😉

Quips aside, prior to a potential client engaging with Economit, we have observed that IT budgets tend to be a little samey year after year. Statements like “well, we bought this amount of IT products & services last year so it’s fair to say we’ll spend the same amount this year with maybe a few extra points added on for inflation/growth plans” are all too common. And unfortunately all too wrong.

I think we can all safely agree that technology is changing the business landscape rapidly – it has been doing so for decades so nothing new there. I’d go as far as to say by the day in fact nowadays – new products & services are appearing to market at unbelievably accelerated rates. Granted these products & services may take a while to mature and become “mainstream” before they will be considered viable by the majority of “non-early adopters” but even so, these accelerated rates are causing pressure for businesses to adopt new tech much more quickly than ever before.

So I would like to pose a simple question: with technology developing so rapidly, why do IT budgets remain fairly static or even decrease year on year?

To which maybe, there’s a simple answer: businesses don’t know any better and therefore always do the same tech things (and consequently get the same tech results).

Without executive technological direction, there is no discernible way that a growth-aspirational business can budget accurately for technology expenditure. Yes, it’s true that there are more IT products & services to choose from than ever before which in turn, makes the choices that much harder to make so therefore it would make common sense to ensure this vital budget is put in the hands of an expert who is technical enough to understand it, experienced enough to be able to deal with it, impartial enough to guarantee complete trust in the decision making process and commercial enough to make sure your business actually grows from it.

Nick Briers


As is customary for the timing of Economit ‘new starter’ blogs I am writing this as I am just coming up to the six-month point of my employment. I suppose the advantage with being this late in writing is that it has given me the opportunity to better take stock of everything… from my role, to the team internally, to our customers, to Economit and where we are heading.

I have performed a variety of Project Management roles in the past but this is the first time for a while that I am solely responsible for delivering projects, both internally to the business and externally to our clients. This is really beneficial as it is allowing me to focus on driving improvements to the business and also hopefully delivering projects on time to our clients, without any conflicts or distractions.

Due to the busy nature of the business, time has definitely flown by and it is only on the rare moments when you get the chance to look back that you realise the changes that have taken place and the distance that we have come. In my time new CRM, quoting and finance systems have been purchased, implemented, tested and are now in full flight… the team has grown and two new starters have joined (one of whom has already beaten me in writing a blog!)… a number of client projects have been successfully delivered… new clients have been brought on board and the list goes on!!

I’m definitely looking forward to the next 6 months and can only see good things happening so watch this space.

If you want to say hi or have a question for me or one of the team you can get in touch at nick.briars@economit.co.uk

Nick Gall

To predict the evolution of technology would be great, wouldn’t it?! Let’s face it, we’d all like to be a Mark Zuckerberg or Steve Jobs but even some of the greats slipped up from time to time. Bill Gates once said “Two years from now, spam will be solved…” Not quite, Bill; some may say we’re receiving more than ever. Another classic was in 2005 when Alan Sugar was ridiculed for saying: “Next Christmas the iPod will be dead, finished, gone, kaput.” Clearly they were wrong but it’s not hard to see why: technology is moving faster than ever before and it’s not becoming easier to predict.

Since the introduction of powerful computers, smartphones, Internet and apps, everything we do has become more digitised. The accessibility of data and the ability to consume more than ever is having a direct effect on our patience towards day to day operations. We’re just not willing to wait for information these days.

It’s this shift in our behaviour, Millennials coming of age and the technologies we use that will make businesses vulnerable and more powerful all the same. Digital has changed business forever and those that have embraced digital are most likely leading their industry and influencing others whereas those that haven’t will begin to lag behind.

Digital strategy isn’t just about having a website, it’s considering IT as part of the business planning and decision making process. It’s about moving beyond developing and supplying services for internal users to developing solutions that meet the needs and expectations of external customers too. It’s this delicate shift that businesses are missing. Are you bringing IT closer to the decisions you make? Setting KPIs for innovation dare I say? If not, start now.

Businesses delivering products or services to the public are predominantly in the firing line. Your customers will be expecting you to know who they are and their history with you within seconds of taking their call. There are developments in the market for fridges that scan your items to enable automatic reordering and home technologies that offer voice command to help plan your day or your next shopping list, and this is only the start of how consumers will want to interact with their favourite brands. The rise in popularity of the Internet of Things is a clear enabler for this innovation and simply for large corporates it’s a question of why have your customer on the phone shouting about an issue if you could have already fixed it?

Business to Business organisations won’t find this transition that much easier; however, they won’t need the constant overhaul of their digital strategy that businesses in the consumer space will. Businesses have already begun to expect more and gone are the days where you can keep your data tucked away on the server or (heaven forbid) in a filing cabinet ready to post clients the info they request. Storing data securely in an accessible environment for client self-serve access is becoming the norm. Integration projects are very popular too. Bringing current applications together is a key driver for businesses where they’re trying to get the most out of current assets but need to reduce change for staff – whilst at the same time meeting the new demands of their clients.

It’s hard to see any plausible excuse for not moving with the times; I’ve already mentioned the sheer volume of innovation so we’re spoilt for choice really. The dark and littered past of IT with large and costly server deployments is simply no more. So digital transformation is easy right?! Unfortunately not. Of course technology is easier to purchase and deploy and yes there’s more choice but our requirements are more widespread and we no longer just have our users to consider, it’s our clients too!

Businesses accepting that IT isn’t simply support for back office and internal customers is key. Draw a line in the sand and start over. IT shouldn’t just serve you email and a good CRM. That’s considered the standard and we’re beyond that now. Consider technology to be key to the business delivery, review your products and services and overhaul your processes by asking how involved IT are in your business objectives.

A couple of things are guaranteed: innovation will continue at (at least) its current rate and we’ll see more and more options to choose from. That in turn will raise the expectations of our clients, meaning the pressure will firmly be on to digitise your business.

Justin Weir


One of the key deliverables of my role with Economit has been securing ISO 9001 certification. Having begun our ISO journey by reviewing the key stages of our core service activities: Outsourced IT Director, Project Management and Independent IT Assessments, we created a set of processes and actions that were standardised, customer focused and we all agreed represented what we did. We delivered these through our Quality Management System by working closely with our quality consultant to develop the standard documentation and our system was born.

I was naturally concerned as we approached our final audit as my first experience of Quality had been paper based, stressful and time consuming in a manufacturing environment almost 20 years ago.

In retrospect, we have practised what we preach to deliver ISO 9001. The right IT infrastructure allowed us to best manage and store our relevant documents. The workflow between our systems through accounting, sales, time management, project management and delivery of our services through our systems has ensured that we have the necessary glue to create great work flow and ultimately focus on client delivery as opposed to process management. Everything data wise for ISO 9001 is managed online, stored safely and easily auditable.

With no non-conformance at the final stage audit, just over 12 months since we implemented our Quality Management System I am proud to say we are accredited. We have developed, learnt, refined and evolved throughout that time our process and client experience, but now have the ideal platform to continue delivering a consistent and great customer experience.

Bring on ISO 27001.
