IT Security and GDPR – Is your business ready?

 

IT Security and GDPR – On May 25, 2018, the General Data Protection Regulation will come into effect and it has major implications for all UK businesses. GDPR introduces sweeping changes to the way that businesses gather and retain data, and if your business is not yet GDPR compliant, you need to act now. Here is a brief guide to GDPR and its implications for business.

What is GDPR?

GDPR is a new EU regulation that applies to any business or organisation that provides goods or services to EU individuals or that monitors the behaviour of EU citizens. The law represents a major change to the way organisations handle data, and introduces a number of requirements for businesses. It also provides rights for individuals, who will be able to access, correct or remove any personal data held by an organisation, and to take legal action against an organisation that holds their data. Any organisation that breaches these rights could be hit with fines of up to 4 percent of turnover or 20 million euros (whichever is greater).

What areas does your business need to review?

 To manage GDPR compliance, it is vital to make sure that one person or a team is given the task of assessing how the new rules will affect your business, focusing primarily on these areas:

Procedure

A good starting point is to carry out a data audit establishing where and how your business stores data, how much of it you retain and what it is used for. Another important step is to set up and deliver training for all employees to ensure they understand the new data procedures and the importance of compliance.

GDPR and technology

Your business’s technology infrastructure must be able to handle the requirements of GDPR, which requires organisations to document and report on where they keep their data, how it is stored, obtained and used, and who has access to it. GDPR also requires you to ensure that security measures are robust enough to prevent unlawful data disclosure.

Implementing technological solutions will help you to manage and maintain your data, protect you from unlawful breaches, and give you a clear picture of what data your business holds. While there are useful applications available to help with GDPR compliance, no single software tool will provide a complete solution, as every business will need to take a different approach to GDPR.

GDPR and governance

Once your business is GDPR compliant, you will need to ensure that you have procedures in place to monitor data storage and processing. If your business has over 250 employees, you should think about appointing a Data Protection Officer who can monitor data processing across the organisation and act as a central contact point for all GDPR issues.

The Information Commissioner’s Office (ICO) has also compiled a comprehensive document on twelve major steps for businesses to take in line with GDPR, available as “GDPR ICO 12 STEPS” or on the ICO website.

IT Security and GDPR – How can AMJ IT help with GDPR compliance?

AMJ IT are experts in the field of IT security and IT compliance and we can assist you with every aspect of your technological GDPR compliance.

Data Classification

A key part of GDPR compliance is to undertake a data protection review. You need to establish what kind of data is flowing through your business and how well it is protected. At AMJ IT we can help you to set up a robust data classification system that includes useful features such as email alerts when someone attempts to access sensitive information, making it easier for your data controller to stay on top of your data protection commitments.

Encryption

Encryption turns data into an unreadable coded form that requires a password or key to read. We can help you to introduce this widely used method of security, enabling you to better control access to your data and safeguard against the risk of data theft or loss.

Two-factor authentication

Given the increasing risk of cyber-crime, organisations are opting to introduce two-factor authentication (2FA), which involves the use of a username, a password and a piece of unique information, such as a fingerprint or personal ID number. We can introduce 2FA to your business, which will make it easier to comply with GDPR.

Antivirus and anti-ransomware

Maintaining the security of data held by organisations is a key requirement of GDPR. Over 50 percent of UK businesses have been hit by ransomware, which locks you out of all devices and demands a ransom to regain access. AMJ IT can set up an effective antivirus and anti-ransomware framework for your business, which will identify and remove any suspicious software and block ransomware attacks, giving you the best possible protection.

Device management

We can create an effective device management system that will give your IT team the ability to monitor, secure and manage all devices used by your organisation, from smartphones to laptops, making it easier to ensure that your business network is secure and GDPR compliant.

Access and identity management

Ensuring that employees have the correct level of data access at all times is a key component of GDPR compliance. Our experts can help you to streamline and centralise your access management system, giving you the necessary control over data access.

Backup

The risk of cyber attack is higher than ever and ensuring that your data is securely backed up is another important aspect of GDPR compliance. We can help set up automated cloud-based back-ups to take the worry out of this aspect of data management.

Exploit prevention

Cybercriminals are always designing new ways to attack IT vulnerabilities. These ‘exploit’ attacks can have a variety of negative effects, from application failure to the exposure of data. AMJ IT can help you to set up an exploit prevention shield that will protect your organisation’s IT vulnerabilities and ensure that you meet your GDPR requirements.

Patch Management

As part of your GDPR obligations, you need to ensure that your IT software is up to date. Older versions of software are more vulnerable to cyber attack, so AMJ IT can help you to introduce effective patch management, ensuring that all software is up to date and that you are doing all that you can under the requirements of GDPR to keep your data safe.

AMJ IT is a dedicated IT company specialising in IT support in London, Kent and the South East of England, with experts in every field of IT support and security. We can help you to make sure that you are GDPR ready by May 25. Get in touch today and find out what AMJ IT can do for your organisation.

Please note that the information provided above is not an exhaustive review of all the elements of the regulation, and what you need to look at depends on your organisation’s particular circumstances. This material has been prepared for informational purposes only, and is not intended to provide, and should not be relied on for, legal advice. You should consult your own legal advisors where required.

 

Useful websites:

www.ico.org.uk

www.eugdpr.org 

IT Governance and GDPR