8 Interesting Facts About VOIP

1. It’s scalable.

The simplicity of installing additional services and users makes VoIP an ideal option for companies who seek the flexibility required to scale up or scale down their telephone network.

2. Integration’s simple. 

Setting up and installing a VoIP solution is incredibly easy, particularly with the support of a dedicated communications provider. By evaluating the required bandwidth and network capacity, your provider will recommend and install the best equipment to support your individual business requirements.

3. Quality’s not an issue.

Back when internet connections were unreliable, VoIP struggled to compare with ISDN in terms of quality. Now, however, with superfast broadband and QoS commonplace, businesses can enjoy crisp, clear VoIP along with the added security of auto call forwarding and voicemail to e-mail.

4. Cost savings all round.

The first saving is on the cost of calls, of course. However, you can also eliminate the cost associated with maintaining and upgrading a traditional phone system by switching to VoIP.

5. Easy to manage.

Working alongside a dedicated communications provider makes managing your VoIP solution simple. Thanks to the use of web portals, the following amendments can be made promptly:

  • Adding or removing a user
  • Installing additional lines
  • Setting up call forwarding
  • Amending your system configurations

6. Security is paramount.

Much like other providers of sensitive online services such as online banking and digital payments, VoIP developers are constantly building sophisticated defence measures like firewalls, redundancy and encryption to ensure your business data remains secure.

7. Improved efficiency.

The portability of your VoIP number means you can take your connection with you wherever you go, which is ideal for employees who travel both locally and abroad. What’s more, its web-based functionality means it integrates seamlessly into other functions like e-mail, fax and conference calls.

8. Keep your numbers.

A common misconception is that switching to VoIP means you have to change your phone number, resulting in unwanted administration. VoIP providers actually offer number porting facilities as well as additional landline and Freephone numbers to support your business as it grows.

21 Online Scams You May Not Know About

Are Your Employees Keeping Your Data Safe? Don’t count on it!

Let’s illustrate with this true story…

A man was making his way to his local jobcentre when he spotted something glistening in the morning sun. Full of curiosity, he went to investigate and discovered it was a USB stick. Being a frugal man, he popped the device into his pocket, thinking he would be able to put it to good use later. When he returned home, he connected the USB to his laptop, but before reformatting the device he decided to check out its contents (we mentioned earlier he was a curious soul). As he sniffed around, he realized with amazement that the device contained high-level security information for Heathrow Airport: 174 folders containing maps detailing CCTV camera locations, labyrinthine tunnels snaking below the building and even the exact route the Queen takes when she uses the airport.

Understandably worried, the man quickly ejected the device and brought it to… the Daily Mirror (go figure, it surely had nothing to do with the money The Mirror and other tabloid newspapers were offering for information of this type). The news caused a huge uproar and led to BAA (then owner of Heathrow, now Heathrow Airport Holdings Ltd) overhauling the way company data was handled (and so they should! Can you imagine what could have happened if that information had gotten into the hands of unscrupulous types? “The exact route the Queen takes when using the airport” – makes you shudder…).

No one knows how this sensitive information found its way to a street in London; however, all signs point to the USB drive being dropped accidentally by a hapless employee. This story hammers home a vital point: whether you’re an international airport hosting more than 70 million travellers each year or a small business with 5 employees, your biggest security risk isn’t hackers based in outer Mongolia but your employees!

So how do you keep your data safe? Well, the EU General Data Protection Regulation (GDPR) sets out some guidelines on protecting sensitive information, but here are some of our top tips:

1. Identify your important data

Before you even start thinking about how to protect your company data, do some housekeeping. First, identify the information you need to protect (“crown jewels” such as financial information or trade secrets, employee records, customer data / payment info). Once you know what needs to be protected, you will need to know how this information is collected (or created), how it is stored (servers, cloud, mobile devices, emails) and how it moves (e.g. email, Wi-Fi, or a portable device such as a USB).

2. Now Protect It!

  • Encrypt your data. That way, if it is accidentally lost, it will mean nothing to anyone who finds it.
  • Use strong passwords to protect your most sensitive information.
  • Will you know when your important data is leaking, or being accessed or taken? There are intelligent tools that can give you this information.
  • Is cardholder information handled exclusively by a secure payment portal?
  • How is your important data backed up?
  • Is it necessary for all your users to be able to download data from the office? Consider disabling USB ports and any other portable devices. If you have a company intranet, disable the ability to download files so work can only be done within the shared area.

3. Control, Control, Control

  • Limit access to the data you need to protect to those who need it, and terminate their access when they no longer need it.
  • What physical security do you have in place?
  • Do you know at all times who should have access or has had access to the data you need to protect?

4. Limit 3rd Party Access

It is not necessary to give 3rd parties full access to your systems. A well-segmented network will allow for limited access to only certain parts. Never give 3rd parties access to your systems indefinitely. Encourage them to agree set times to carry out their work. After this time, disable their access.

5. Reusing or disposing of old kit? Make sure it is wiped properly.

6. Educate your staff

Hackers continuously find new ways to access information, which is why creating a culture of consistent awareness of threats is so important.

One team meeting about cyber security is not enough to guarantee that employees understand how to keep data secure. Cyber-attacks come in many different forms and are always evolving, so everyone needs to be kept up to date on what to look out for.

As we turn 10, even more improvements to our services

1. Better Reporting

You know how you do something one way for so long you fail to see its shortcomings until someone new comes along with fresh eyes and tells you that what you have been doing for so long is, well, meh? This is how we felt recently when we tasked one of our graduates to improve our reporting, really thinking that they would find nothing to improve. But find improvements they did!

Our reports will now allow you to see at a glance what type of issues are affecting your users, include information relating to a particular device plus a chart that will allow you to compare trends through the year. There is so much more valuable information provided in the new reports – there is even a section that outlines the background aspect of our work, so you get a feel of other things we do for you that you don’t see.

We are beta testing the new reports with some of our clients. They go live in September so look out for them – we think you will like them.

2. Model Office Docs

Account Managers have spent time with our customers putting together model office documents for their business. MODs help us define set criteria for each client to ensure that all users have the right IT (hardware and software) that they require to do their jobs.

One benefit of having a predefined MOD is that the new starter process becomes much quicker as the MOD document will contain information that lets us know what the new starter will need on day one. For example, which drives they need access to, printers, permissions etc.

3. Annual Re-Onboard

We allow a six-week period to onboard all customers. This gives us time to get to know the new client – their users, different departments, way of working and IT Infrastructure. Onboard is valuable in ensuring that we can support our new customers adequately, but we know that things don’t always stay the same and often change. Therefore, re-onboarding each year will help keep the information we collated initially during onboard up to date.

4. More Show & Tell Events

Our Cyber Security seminars were well received by clients, so we are looking at doing more of this type of event this year. Service Delivery are in the process of agreeing a subject area, so we will keep you posted.

5. Introducing Performance Tune Ups

We will be arranging performance tune ups for all customers on an annual basis. Performance Tune Ups are like servicing your car but for your IT equipment. These will be performed annually, and service delivery will be in touch to book yours. This is a complimentary service.

6. Include WPRS site as part of DR

A question we often get asked when people subscribe to our DR service is whether we also provide a Work Place Recovery Site (WPRS). A WPRS is a site you can go to if for any reason you are unable to use your normal business site (because of fire, flooding, terrorist activity, etc.). Up until recently that answer has been no. However, because having a WPRS is an essential aspect of Business Continuity, we have now partnered with several serviced office providers to ensure we can provide this as an additional service. Prices start from £50/month; please speak to your account manager for further information.

7. Sorry is not enough

The song goes that sorry is the hardest word, but sometimes sorry is not enough! We want you to hold us accountable if we fail to meet agreed SLAs, so from 1st September 2018 we will refund you a percentage of your monthly support payment if we fail to meet agreed SLAs. We are in the process of defining the criteria for the rebate; these will be outlined in the new reports we send out in September.

To HAAS or not to HAAS…

SMEs have one major advantage over big business. Their very nature means they can leverage technology for a competitive edge much faster than bigger business. Moore’s Law – a concept named after Intel co-founder Gordon Moore which is often used to refer to the quick pace of technology advances – states that computer chip processing power doubles every two years.

Today, about half a century since the creation of Moore’s Law, that time frame is usually quoted as only 18 months, and sometimes even less. This can be problematic for SMEs as they may not always have the resources or cash-flow necessary to keep up with technology changes. A great way to keep current with rapidly evolving IT innovations, while still controlling costs, is Hardware-as-a-Service (HaaS).

The concept of HaaS has been around for years. When your internet provider installs a new router to replace an outdated one, or your mobile provider sends you the latest mobile phone included in your monthly plan, they are essentially providing hardware along with the service.

Outdated IT equipment can be even more costly, especially to a small or midsized organization. It can lead to poor productivity, lower revenue and lost data. HaaS is essentially leasing IT equipment which your business would otherwise have purchased outright.

Some Benefits of HaaS:


By not having to spend a lot of money upfront for your next major IT upgrade, HaaS has the financial benefit of converting a large capital expense into a more manageable operating expense. This can free up your cash flow and provide more working capital, which is critical to many organizations.

A fixed monthly cost also makes technology expenses budgetable.  HaaS removes the unpredictability factor involved with maintenance and upkeep.


A HaaS solution includes timely upgrades to state-of-the-art technology. This eliminates a great deal of buyer angst which so often accompanies IT purchases.

Remember Moore’s Law? You can’t expect to be successful in tomorrow’s business landscape using yesterday’s tools. HaaS is a great way to stay current with state-of-the-art technology specific to your industry and business goals and needs – from multifunction printers and copiers, to servers, computers, peripherals and more.


The proactive service model associated with HaaS delivers a high level of service integrity and operational reliability. Ongoing support and contact with an MSP is also a good way to ensure the best operating practices are used with your hardware.

Too often, new hardware is purchased and maintenance is neglected due to costs. With a HaaS solution, the equipment and service are included in the SLA. You can forget about the potential implications of equipment failure and system crashes right after a warranty expires. Just let your MSP resolve – or better yet, prevent – the problem.


HaaS has built-in scalability. As your organization grows and changes, so do your technology needs. With HaaS you can integrate any number of new components, from one to many, all depending on your business needs.


When it comes to IT hardware and security, new is often better. Network security sometimes requires both hardware and software updates. With HaaS, it is easy to upgrade to the latest hardware if it is necessary for security reasons.

There are many more benefits of HaaS than the list provided above. If you would like to find out more about our own HaaS solution, speak to Julian on 0121 309 0126.

IT spend a concern? These ideas may help…

Embrace Change

The world is changing rapidly and keeping up with the newest technological advancements will give you options to lower IT expenditure.
Some strategies you could adopt include:
  • Removing manual processes – first identify where your staff could potentially improve, then research methods to decrease paperwork and automate processes.
  • Implementing cloud computing – it can be cheaper to store information, do your accounts, and run a content management system online.
  • Communicate with your staff, suppliers and customers over the Internet at lower cost or even no cost.
  • Allow flexible work hours – depending on your type of business, you may be able to let your staff work when they prefer, and even from home.

Look to the Cloud

Moving data and applications to the cloud will save you money. According to data from market research firm Gartner, companies that use cloud technology save over 15% on IT procurement and more than 16% on IT maintenance costs. Additionally, those businesses discovered that adopting the cloud fuelled growth and efficiency.
Software-as-a-Service (SaaS) is a good example of the cloud at its best. This is where, rather than owning the software outright, you pay a monthly fee to use the software for as long as you need. Platforms such as Microsoft’s Office 365, for example, allow you to use Office products on a pay-as-you-use basis. You can add or remove users as you wish, plus you get the latest versions at no extra cost.
Smaller businesses may want to consider investing in a cloud server instead of having a physical server on their site. Like SaaS above, customers pay as they use and can increase or decrease resources accordingly.

If all fails…HaaS

Hardware-as-a-service (HaaS) is a procurement model that is similar to leasing or licensing.
In the hardware-as-a-service model, hardware that belongs to a HaaS service provider (HSP) is installed at a customer’s site and a service level agreement (SLA) defines the responsibilities of both parties. Sometimes the client pays a monthly fee for using the hardware; sometimes its use is incorporated into the HSP’s fee structure for installing, monitoring and maintaining the hardware. Either way, if the hardware breaks down or becomes outdated, the HSP is responsible for decommissioning it and replacing it. Depending upon the terms of the SLA, decommissioning may include wiping proprietary data, physically destroying hard drives and certifying that old equipment has been recycled legally.
The HaaS model can be a cost-effective way for small or mid-sized businesses to provide employees with state-of-the-art hardware. Our lead article in next month’s newsletter will be all about Hardware-as-a-service and we will also look at our own HaaS offering.

5 Easy Ways To Disaster Proof Your Business

1. Connect to the Office from Wherever You Are

Our engineers could connect to Supreme and access office tools and files using a VPN, which stands for Virtual Private Network. We won’t bore you with too much technical information, but a VPN provides a connection via the Internet between a remote PC and your office’s server. It’s like taking a network cable at your office and walking home with it, pulling it through the streets, and plugging it into your laptop when you get home. When you want to access the office server from a remote location, VPN software on your laptop establishes a secure point-to-point tunnel through the Internet with your office to access your data.

There are other remote access tools that allow you to do the same thing. TeamViewer and LogMeIn are great alternatives, but speak to our Service Delivery Team (SDT) about which tool would be suitable for you.

2. Receive & Make Landline Calls Like You Were in the Office

We are massive fans of VOIP. Not only is VOIP so much cheaper than traditional landlines, it is also very portable. Using Supreme as an example, all team members have our VOIP application on their laptops and on their mobile phones so users working from home could continue making and receiving calls as if they were in the office.

3. Get a WPRS

What if the disaster stops you from using the office at all? This happened to a client recently who suffered flooding at their offices. They were unable to use the office for three weeks so staff were moved to a temporary Work Place Recovery Site (WPRS). Typically, a WPRS would be a replica of your main office which will allow for core services to continue.

Maintaining a dedicated WPRS may prove quite expensive, so consider sharing a WPRS site with other businesses or even coming to an agreement with serviced office providers. Many will provide office space and internet connectivity at short notice and on flexible terms.

4. Collaborate and Meet Online

If getting a WPRS is not an option, do consider meeting online. Great applications such as Skype for Business or Google+ Hangouts allow you and your team to make conference calls, have online meetings and collaborate remotely on projects.

5. Get a DR solution

We are massive advocates of having a robust DR solution – which goes further than a standard data backup. A good DR solution in our opinion is “insurance” for your critical IT systems and should provide as a minimum, bare metal recovery (i.e. everything restored “as is”) with a range of restore points. Our DR solution 999RESTORE does all this plus provides customers with a loan server if anything were to happen to their server. Find out more about our DR services here or give Julian a call on 0121 309 0126.


“I must, I must, I must improve IT!” – Top 5 New IT Considerations

1. Get going with GDPR

On 25 May 2018 most processing of personal data by organisations will have to comply with the General Data Protection Regulation (GDPR). Currently, the UK relies on the Data Protection Act 1998, which was enacted following the 1995 EU Data Protection Directive, but this will be superseded by the new legislation. It introduces tougher fines for non-compliance and breaches, and gives people more say over what companies can do with their data. It also makes data protection rules more or less identical throughout the EU.

Our account managers will be talking to all customers about their GDPR preparations but you can find out more from the Information Commissioner’s Office.

2. Reinforce your Human Firewall

FACT: The cyber thieves are getting smarter at finding ways to steal your information. However, it seems that the smarter they get, the more complacent we become. When it comes to cyber security there is simply no room for complacency. Hardware and software protection such as Supreme Systems’ ANPS service can only go so far in protecting your IT environment. It is also essential that we all have processes in place that govern the human element in the fight against cyber crime. Our cyber crime seminars have been well received in terms of highlighting some common dos and don’ts. We are looking at more ways to help you reinforce the “human firewall” so watch this space!

3. If all fails…DR?

A recent Gartner survey showed that over 50% of UK businesses have no provision for Disaster Recovery. Statistics such as this are puzzling particularly as most businesses understand the importance of protecting against the unexpected. We all have insurance to protect our buildings, contents, employees and the work we do so why not get protection for your IT systems?

Disaster Recovery, in our opinion, is “insurance” for your IT. In fact, most insurance companies that provide cyber security cover will insist on some sort of disaster recovery plan and system that safeguards your business-critical systems. Our DR solution provides a complete bare metal restore (i.e. everything restored “as is”) with a range of restore points. To find out more, give Julian a call on 0121 309 0126.

4. Switch to VOIP and save, save, save!

VOIP has come a long way since the dark days of poor call quality, yet take-up in the UK is still not at the levels seen in America, which is surprising considering businesses stand to save up to 60% on call costs. We are fans of VOIP ourselves and as a 3CX partner we are able to recommend one of the best VOIP solutions in the industry. To find out more, give Julian a call on 0121 309 0126.

5. Time for an upgrade?

Manufacturers recommend a refresh cycle of every 3 – 5 years but not all businesses adhere to this. We have seen 10-year-old PCs, and servers bought 15 years ago, that are still in production, and these will no doubt cause productivity bottlenecks. We understand that upgrades can be costly, so why not spread the cost with HAAS?

HAAS stands for Hardware As A Service and it allows businesses to lease IT Hardware perpetually. It is great for businesses as it reduces capital expenditure and allows for better IT budgeting. Next month our newsletter will focus on the benefits of HAAS but get in touch now if you would like to know more.

12 Steps to Preparing for GDPR

1. Awareness

You should make sure that decision makers and key people in your organisation are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have and identify areas that could cause compliance problems under the GDPR. It would be useful to start by looking at your organisation’s risk register, if you have one.

Implementing the GDPR could have significant resource implications, especially for larger and more complex organisations. You should particularly use the first part of the GDPR’s two-year lead-in period to raise awareness of the changes that are coming. You may find compliance difficult if you leave your preparations until the last minute.

2. Information you hold

You should document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit, across the organisation, or within business areas.

The GDPR updates rights for a networked world. For example, if you have inaccurate personal data and have shared this with another organisation, you must tell the other organisation about the inaccuracy so it can correct its own records. You won’t be able to do this unless you know what personal data you hold, where it came from and who you share it with. You should document this as doing so will also help you to comply with the GDPR’s accountability principle, which requires organisations to be able to show how they comply with the data protection principles, for example by having effective policies and procedures in place.

3. Communicating privacy information

You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation. When you collect personal data you currently must give people certain information, such as your identity and how you intend to use their information. This is usually done through a privacy notice.

Under the GDPR there are some additional things you must tell people. For example, you will need to explain your legal basis for processing the data, your data retention periods and that individuals have a right to complain to the Information Commissioner’s Office if they think there is a problem with the way you are handling their data.

Note that the GDPR requires the information to be provided in concise, easy to understand and clear language. The Information Commissioner’s Office’s privacy notices code of practice reflects the new requirements of the GDPR.

4. Individuals’ rights

You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format. The main rights for individuals under the GDPR will be:
• subject access
• to have inaccuracies corrected
• to have information erased
• to prevent direct marketing
• to prevent automated decision-making and profiling, and
• data portability.

Overall, the rights individuals will enjoy under the GDPR are the same as those under the Data Protection Act but with some significant enhancements. If you are geared up to give individuals their rights now, then the transition to the GDPR should be relatively easy.

This is a good time to check your procedures and to work out how you would react if someone asks to have their personal data deleted, for example. Would your systems help you to locate and delete the data? Who will make the decisions about deletion?

The right to data portability is new. This is an enhanced form of subject access where you must provide the data electronically and in a commonly used format. Many organisations will already provide the data in this way, but if you use paper print-outs or an unusual electronic format, now is a good time to revise your procedures and make any necessary changes.

5. Subject access requests

You should update your procedures and plan how you will handle requests within the new timescales and provide any additional information. The rules for dealing with subject access requests will change under the GDPR. In most cases, you will not be able to charge for complying with a request and normally you will have just a month to comply, rather than the current 40 days. There will be different grounds for refusing to comply with a subject access request – manifestly unfounded or excessive requests can be charged for or refused. If you want to refuse a request, you will need to have policies and procedures in place to demonstrate why the request meets these criteria. You will also need to provide some additional information to people making requests, such as your data retention periods and the right to have inaccurate data corrected.

If your organisation handles many access requests, the impact of the changes could be considerable so the logistical implications of having to deal with requests more quickly and provide additional information will need thinking through carefully. It could ultimately save your organisation a great deal of administrative cost if you can develop systems that allow people to access their information easily online. Organisations should consider conducting a cost/benefit analysis of providing online access.

6. Legal bases for processing personal data

You should look at the various types of data processing you carry out, identify your legal basis for carrying it out and document it. Many organisations will not have thought about their legal basis for processing personal data.

Under the current law this does not have many practical implications. However, this will be different under the GDPR because some individuals’ rights will be modified depending on your legal basis for processing their personal data. The most obvious example is that people will have a stronger right to have their data deleted where you use consent as your legal basis for processing. You will also have to explain your legal basis for processing personal data in your privacy notice and when you answer a subject access request. The legal bases in the GDPR are broadly the same as those in the Data Protection Act so it should be possible to look at the various types of data processing you carry out and to identify your legal basis for doing so. Again, you should document this to help you comply with the GDPR’s ‘accountability’ requirements.

7. Consent

You should review how you are seeking, obtaining and recording consent and whether you need to make any changes. Like the DPA, the GDPR has references to both ‘consent’ and ‘explicit consent’. The difference between the two is not clear given that both forms of consent must be freely given, specific, informed and unambiguous. Consent also must be a positive indication of agreement to personal data being processed – it cannot be inferred from silence, pre-ticked boxes or inactivity.

If you rely on individuals’ consent to process their data, make sure it will meet the standards required by the GDPR. If not, alter your consent mechanisms or find an alternative to consent. Note that consent must be verifiable and that individuals generally have stronger rights where you rely on consent to process their data.

The GDPR is clear that controllers must be able to demonstrate that consent was given. You should therefore review the systems you have for recording consent to ensure you have an effective audit trail.

8. Children

You should start thinking now about putting systems in place to verify individuals’ ages and to gather parental or guardian consent for the data processing activity.

For the first time, the GDPR will bring in special protection for children’s personal data, particularly in the context of commercial internet services such as social networking. In short, if your organisation collects information about children – in the UK this will probably be defined as anyone under 13 – then you will need a parent or guardian’s consent to process their personal data lawfully. This could have significant implications if your organisation aims services at children and collects their personal data.

Remember that consent must be verifiable and that when collecting children’s data your privacy notice must be written in language that children will understand.

9. Data breaches

You should make sure you have the right procedures in place to detect, report and investigate a personal data breach. Some organisations are already required to notify the Information Commissioner’s Office (and possibly some other bodies) when they suffer a personal data breach.

However, the GDPR will bring in a breach notification duty across the board. This will be new to many organisations. Not all breaches must be notified to the Information Commissioner’s Office – only ones where the individual is likely to suffer some form of damage, such as through identity theft or a confidentiality breach.

You should start now to make sure you have the right procedures in place to detect, report and investigate a personal data breach. This could involve assessing the types of data you hold and documenting which ones would fall within the notification requirement if there was a breach. In some cases, you must notify the individuals whose data has been subject to the breach directly, for example where the breach might leave them open to financial loss.

Larger organisations will need to develop policies and procedures for managing data breaches – whether at a central or local level. Note that a failure to report a breach when required to do so could result in a fine, as well as a fine for the breach itself.

10. Data Protection by Design and Data Protection Impact Assessments

You should familiarise yourself now with the guidance the Information Commissioner’s Office has produced on Privacy Impact Assessments (PIAs) and work out how to implement them in your organisation. This guidance shows how PIAs can link to other organisational processes such as risk management and project management. You should start to assess the situations where it will be necessary to conduct a DPIA. Who will do it? Who else needs to be involved? Will the process be run centrally or locally? It has always been good practice to adopt a privacy by design approach and to carry out a privacy impact assessment as part of this. A privacy by design and data minimisation approach has always been an implicit requirement of the data protection principles. However, the GDPR will make this an express legal requirement.

Note that you do not always have to carry out a PIA – a PIA is required in high-risk situations, for example where a new technology is being deployed or where a profiling operation is likely to significantly affect individuals. Note that where a PIA (or DPIA as the GDPR terms it) indicates high-risk data processing, you will be required to consult the ICO to seek its opinion as to whether the processing operation complies with the GDPR.

11. Data Protection Officers

You should designate a Data Protection Officer, if required, or someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements. The GDPR will require some organisations to designate a Data Protection Officer (DPO), for example public authorities or ones whose activities involve the regular and systematic monitoring of data subjects on a large scale. The important thing is to make sure that someone in your organisation, or an external data protection advisor, takes proper responsibility for your data protection compliance and has the knowledge, support and authority to do so effectively.

Therefore, you should consider now whether you will be required to designate a DPO and, if so, assess whether your current approach to data protection compliance will meet the GDPR’s requirements.

12. International

If your organisation operates internationally, you should determine which data protection supervisory authority you come under. The GDPR contains quite complex arrangements for working out which data protection supervisory authority takes the lead when investigating a complaint with an international aspect, for example where a data processing operation affects people in several Member States.

Put simply, the lead authority is determined by where your organisation has its main administration or where decisions about data processing are made. In a traditional headquarters (branches) model, this is easy to determine. It is more difficult for complex, multi-site companies where decisions about different processing activities are taken in different places. In case of uncertainty over which supervisory authority is the lead for your organisation, it would be helpful for you to map out where your organisation makes its most significant decisions about data processing. This will help to determine your ‘main establishment’ and therefore your lead supervisory authority.


2017 IT Resolutions

1. Do Some IT Housekeeping.
March is traditionally the time for a good spring clean and this should apply to business as well! Organise a clear-out of defunct machines, tidy up your server room and do away with unruly cables. Get labelling and…
2. …create an asset register.
This way you know what IT assets you have, avoiding any unnecessary expenditure in the future. An asset register also ensures that you can better prepare for future investment in IT (refresh cycles). We maintain asset registers on behalf of all our clients. If you need help creating your own asset register, there is some great software that will help you do this automatically, such as this one.
3. Start thinking ahead and plan for the future.
Many businesses already know what their short, mid and long term goals are, so ensure IT is aligned by having an IT Strategy. Do a Google search and you will find some great templates.
4. Think of the environment and Go Green!
There are so many ways in which you can adopt a Green IT ethos into your business. Looking to The Cloud is one way to achieve your green credentials. Cloud Computing can mean so many different things (hosted server, hosted mails, hosted applications). Throughout 2017, we will be extolling the virtues of The Cloud and showing you ways in which your business can benefit from it.
5. Reduce Your Phone Bill…with VOIP.
VOIP stands for Voice Over IP and it basically means making calls using the internet. Although its take-up is growing, the use of VOIP still has not reached the levels seen in America, for example, which is surprising given how much money you can save over standard PSTN. We will be discussing VOIP as part of our Cloud Computing series so watch this space…
6. Are You Secure?
Along with the IT Housekeeping, how about organising a Security Audit? Good IT security is essential in these times, so audit your IT environment to plug any gaps in your security. See our guide here for some tips.
7. Get Smart, Get DR!
There we go again sounding like a broken record but…having a good DR solution is the most important resolution you can make this year. Look for something that ensures that you are back up and running in the shortest time possible. Our 999RESTORE service is a great DR solution if you are looking. We guarantee a 1hr Return Time of Service (how much time you are down for) and a 1hr Return Point of Service (the maximum amount of data you will lose). Find out more here.