Astrid Data Protection has created a platform to help small businesses navigate the murky waters of the new General Data Protection Regulation (GDPR) that comes into force on 25th May 2018.
The EU regulation is designed to give greater rights to individuals to control their own data and how it is used.
Astrid Data Protection, based at Innovation Birmingham, was developed with small businesses in mind and provides a secure online platform that not only shows businesses what they need to do but gives them the tools and information they require to take practical steps towards compliance.
The platform also offers a training suite to ensure staff understand their responsibilities and a log to record who has completed training.
It also offers a secure repository to upload documents and a record of the process businesses have gone through to enable them to demonstrate compliance to the regulator, the Information Commissioners Office (ICO) should they need to.
Early customer, Alan Moran of Interface Financial Planning Limited says: “The Astrid system and supporting documentation is exactly what I need.
“I found it really helpful and easy to follow. I have no doubt that we will be fully GDPR compliant when we have worked through it.”
GDPR puts the emphasis on organisations proving that they are safeguarding personal data when they process it and has organisations scrambling to become complaint and avoid hefty penalty fines.
It requires organisations to be more accountable for their data processing activities by not only requiring them to comply but to demonstrate how they are doing so.
With a very broad definition of personal data under GDPR, it’s not just marketing departments feeling the heat but human resources, IT, finance, customer services, sales, transport and operations. It essentially affects any business operating in, or selling to customers in, the UK and the rest of the EU.
Astrid was set up by Gerrard Fisher who joined the Innovation Birmingham’s e4f programme in September 2017.
Fisher’s background in business efficiency, product development and process engineering combined with his knack for making complex processes simple for people to use led him to develop the concept.
He went on to train formally as a GDPR practitioner and turned to former colleagues and associates to help him get the business off the ground.
The four like-minded professionals who joined as shareholders have extensive expertise in business development, marketing, data protection law and finance.
“We have found many businesses just don’t know where to start when looking to become GDPR compliant and are hugely appreciative of the support we provide,” said Fisher.
“We have worked really hard to break our process down into manageable steps to remove the fear factor and provide the resources small businesses need to help them on their journey. So far, it’s been very well received.”