GDPR: Top compliance tips from the experts

A panel of experts answer your questions on the challenges inherent in the EU's new GDPR legislation

A panel of experts has answered Computing's audience's questions on the finer details around compliance with the EU's new GDPR legislation, which comes into force in the UK on 25th May 2018.

The panel, including Robert Bond, partner and notary public at law firm Bristows LLP, and James Walker, security consultant at Trend Micro, discussed what a firm's options are when inundated with subject access requests.

An audience member voiced a concern that all staff time could end up being taken up with responding to these requests.

"It is difficult," began Bond. "Because you do have to respond to subject access requests. You need to have a system set up to deal with them as efficiently and effectively as you possibly can."

Walker added that the question was valid, because some people will want to overload a firm with these forms of request, possibly out of malicious intent.

"There are those types of people out there who will do this," he said. "The most important thing is to centralise that data as much as possible, indexing it so you know what you hold, and then developing applications which can automatically extract that information in that format, whilst excluding certain types of information which shouldn't be in there."

Computing has put together a list of resources for firms to use to help understand their responsibilities with regard to GDPR, and take appropriate steps towards compliance.

Heidi Fraser-Krauss, Director of Information Services & Acting Academic Registrar at the University of York, recently commented that she had received a lot of sales pitches for applications which supposedly could help with GDPR compliance.

"If I had a pound for every time I heard a piece of software can make you GDPR compliant," she stated, implying that she'd be very rich in that scenario.