EOL IT Services – Thought Leader – Data Protection
Jan Smith, a multiple award-winning businesswoman and thought leader with over 30 years’ experience in IT Service Delivery, is the CEO and Founder of EOL IT Services. Founded in 1996, the company is positioned in the top 10 of Information Technology Asset Management and Data Security service providers. EOL has seen many challenges in a sector which still continues to mature, regulate and evolve. The company is a privately owned business, holding the highest number of accreditations in the UK within the IT disposition/data security sector, which demonstrates commitment and willingness to maintain high standards and a welcome to outside auditors to scrutinise EOL’s data security focused processes. Here Jan provides a rich insight into the data protection sector in the UK and tells us all about EOL IT Services’ achievements that make her feel proud of her company.
As a professional with a wealth of experience in the IT services field – what are the most common issues that you assist clients with?
Technology continues to develop and offer solutions. In our sector, clients seek solutions to protect their organisation from those who wish to steal their IP for financial gain or to discredit their valuable, hard-won reputation. But however technology develops, it can’t prevent human error. Internal processes are equally important, especially when choosing a managed service supplier to support and adhere to corporate obligations. EOL continues to advise clients on these challenges and risks, making them aware of how they can prevent them.
What are the particular legal issues that UK businesses face in relation to new technologies? How do you assist clients with developing appropriate IT policies?
Financial and legal sectors have their own inherent compliance obligations, but to protect an organisation, they must first enforce a commitment to ISO 27001, developing a robust Information Security Management System. Sadly, many still don’t. With the EU GDPR advancing, regardless of Brexit, this is even more crucial than ever. EOL have over 200 policies that are followed as a ‘compass for performance’ underpinned by ISO 27001. Larger organisations often have fragmented or diluted approaches to such matters, due to structure, stakeholders or location spread, over such crucial areas. This can cause unexpected data breaches, driven by weak, ineffective processes.
Your firm advises clients on data security-related matters – how robust would you say is the current data protection legislation, considering the fast-moving nature of the field?
Given that often information is held in more than one country, in what ways do the EU data protection regulations support the UK framework?
I have already suggested implementing a company-wide ISO 27001 ISMS policy. The EU GDPR will deliver much-needed scrutiny and control over the choices of suppliers who process and responsibility by controllers, who create the data. A ‘code of conduct’ holding each party to account is now crucial. The ICO, if advised of a ‘data breach’, will thoroughly investigate the safeguards an organisation has put in place to mitigate such occurrences. If found wanting, the financial penalties will, as described, be severe. EOL are constantly advising clients over such risks. Our own publications and legal documents are being revised, in order to reflect this changing landscape. The damaging effects following exposure of confidential client data, alongside the impact on the supplier, will be jointly disastrous. Sadly, it is human nature that we need to witness an event before we believe it’s happened. The EU GDPR will give the ICO teeth to deliver the published levels of fines for proven neglect by all parties.
Do you see the need for any legislative change regarding data protection in the UK?
We must rely on legislators to bring about change from recognised need. This takes time and cost to implement and then bring into law. The only comment I would make is that the existing DPA could and should have been more rigorous in its enforcement, especially in this data security sector. More should be held to account over obvious neglect and complacency. Maybe we are driven by personal agendas and not recognising national agendas.
What has been your flagship piece of work and how did you apply particular thought leadership to this scenario?
Over 20 years in this sector, we’ve had our fair share of challenges. My ‘thought leadership’ approach must always be Teamwork and Understanding of the objective. I remain a ‘can do’ individual – also displayed throughout the business and adopted by our great team. The ‘flagship’ scenario would fall into 3 categories.
(1) A challenging piece of work was a project for 30,000 IT Assets to be removed in under 6 weeks from Canary Wharf. Carried out with precision and diligence.
(2) In 2015 we visited 36 overseas countries. Most were with EOL staff and only a handful utilising partners.
(3) This would be the ongoing improvement of services carried out on a daily basis.
Do you have a mantra or motto you live by when it comes to helping your clients?
Just enough is never enough. I expect more than average from my staff, and more importantly, from myself. The second would be to listen to your ‘own gut compass’. This has guided me through my business and personal life. After all, when your team look to you for strong leadership, if it feels wrong, it probably is the wrong decision.