Astrid Data Protection, an Innovation Birmingham-based start-up, has launched an online platform to help small businesses improve their data protection and meet the new General Data Protection Regulation (GDPR) that comes into force on 25th May 2018.
The EU regulation is designed to give greater rights to individuals to control their own data and how it is used. GDPR puts the emphasis on organisations proving that they are safeguarding personal data when they process it. It requires organisations to be more accountable for their data processing activities by not only requiring them to comply but to demonstrate how they are doing so.
With a very broad definition of personal data under GDPR, it’s not just marketing departments scrabbling to comply within the next few weeks but human resources, IT, finance, customer services, sales, transport and operations, creating a major headache for any business operating in, or selling to customers in, the UK and the rest of the EU.
Astrid Data Protection was developed with small businesses in mind and provides a secure online platform that not only shows businesses what they need to do but gives them the tools and information they require to take practical steps towards compliance.
The platform also offers a training suite to ensure staff understand their responsibilities and a log to record who has completed training, as well as a secure repository to upload documents and a record of the process businesses have gone through to enable them to demonstrate compliance to the regulator, the Information Commissioners Office (ICO) should they need to.
Early customer, Alan Moran of Interface Financial Planning Limited says: "The Astrid system and supporting documentation is exactly what I need. I found it really helpful and easy to follow. I have no doubt that we will be fully GDPR compliant when we have worked through it."
Astrid was set up by Gerrard Fisher who joined the Innovation Birmingham's e4f programme in September 2017. Gerrard’s background in business efficiency, product development and process engineering combined with his knack for making complex processes simple for people to use led him to develop the concept.
Gerrard went on to train formally as a GDPR practitioner and turned to former colleagues and associates to help him get the business off the ground. The four likeminded professionals who joined as shareholders have extensive expertise in business development, marketing, data protection law and finance. Gerrard said:
“We have found many businesses just don’t know where to start when looking to become GDPR compliant and are hugely appreciative of the support we provide. We have worked really hard to break our process down into manageable steps to remove the fear factor and provide the resources small businesses need to help them on their journey. So far, it’s been very well received”.