GDPR related tender questions help:
GDPR – it probably feels like this four-letter acronym is everywhere since the EU brought in its new data protection law in 2018. GDPR stands for the European General Data Protection Regulation.
In simple terms, GDPR establishes the rules about how companies, governments and other entities can process the personal data of individuals who are EU citizens or residents (this still affects UK businesses and citizens despite our decision to leave the EU).
According to the EU’s GDPR website, the legislation is: “designed to ‘harmonize’ data privacy laws across Europe, providing greater protection and rights to individuals.”
We work with a lot of SMEs, and we know that for organisations of this size the introduction of this new regulation was a confusing time, particularly in understanding how they would ensure they were compliant, and rightly so, as communication from the EU was poor.
Around the time GDPR was introduced, a lot of organisations focused on ensuring customers were re-opting in to continue to receive marketing communications from them. However, GDPR is about so much more than that. Under this new regulation, businesses must ensure that all of the personal data they hold within their organisation is completely secure and not at risk of being stolen by a cyber criminal. This security of personal data applies whether that person is a customer, supplier or a staff member. This includes businesses that are not even based within the EU but that hold data for individuals that are.
As was inevitable, we are now beginning to see public sector buyers asking more GDPR tender questions and wanting to see evidence surrounding a bidder’s GDPR compliance.
There is a handy website, https://gdpr.eu/, that provides some really useful information about how to check you are GDPR compliant and what steps to put in place to control GDPR long term. The checklist at https://gdpr.eu/checklist/ is particularly useful, and it breaks GDPR compliance down into 4 areas:
- Lawful basis and transparency
- Data security
- Accountability and governance
- Privacy rights
We would recommend you use this as a checklist to form a GDPR compliance policy that can be referenced in tenders to show you understand and are aware of the requirements of GDPR. From this policy, additional supporting documents can be created, including process flows, how you deal with breaches in compliance and similar. We are available to assist with the writing of all of these documents. Even if they aren’t for an immediate tender, we can help you to get them ready for your next tender submission.
Probably the most important element of GDPR is Data Security. In tenders, public sector buyers will be looking for proof as to how your organisation stores its data securely. We believe the simplest way to show your approach to Data Security is compliant is to be accredited in Cyber Essentials, a scheme introduced by the National Cyber Security Centre (part of GCHQ). What is great about this certificate is that you can self-certify or you can choose to go the whole hog and be audited, much like any ISO standards you may hold.
The Cyber Essentials scheme addresses the most common internet based threats to cyber security — particularly, attacks that use widely available tools and demand little skill. The scheme considers these threats to be:
- hacking — exploiting known vulnerabilities in Internet-connected devices, using widely available tools and techniques
- phishing — and other ways of tricking users into installing or executing a malicious application
- password guessing — manual or automated attempts to log on from the Internet, by guessing passwords
We have created partnerships with data protection specialists that can provide you with additional support on this topic when responding to a tender. Their specialist expertise can assist with policy creation and guidance, as well as tender specific specialist input.
View the website of one of our partners here: https://www.dataprivacyadvisory.com/
Here at Tender Victory, all of our writers are increasingly familiar with responding to GDPR and data security related tender questions, so if this is causing you a headache at this time, please do get in touch and use our expertise and expert associates to guide you through this new and sometimes tricky area!