Unsurprisingly, GDPR is bringing new focus to how organisations look after their data. The change in the law could cost up to €20m if your business gets it wrong. But how ready are you?
As we all know, in today's interconnected and multi-device world, sensitive and valuable data is created and held in many different places. And while this is great for mobile working and business agility, it causes serious challenges when it comes to protecting and managing data.
GDPR has put new emphasis on data protection (and made it more of a security issue). But many companies still don't understand what is required of them or where to begin. Others are still developing their plan.
This briefing will help people make a start and highlight things to think about further down the line too.
The main points of GDPR:
- This new legislation, which strengthens data protection rules, has already been adopted as UK law and will be enforceable from May 2018
- It brings in much higher penalties for data breaches (up to 4% of global turnover or €20 million). The current maximum is £500,000
- Organisations must show a risk-based approach to data security
- New rules on saving, sharing and deleting personal information are introduced
- Organisations must report data breaches to the regulator (within 72 hours)
- This legislation affects every organisation that handles EU citizens' personal data – no matter if they’re inside or outside the EU
For more information:
- See the ICO's advice on GDPR here
- Our CEO Joe Jouhal has also advised business leaders on GDPR and Brexit in the New Statesman. See more here
Where to start with GDPR
One of the biggest challenges for an organisation is to understand what data they have and where it is held.
Data is held in many different places - from servers to mobile phones and memory sticks - but without knowing exactly what you've got or where it can be found, it's impossible to make sure it's protected.
To do this quickly, efficiently and cost-effectively, many companies are using special technology. We recommend technology that helps you discover:
- What sensitive data your organisation has
- Where it’s stored
- What changes you can make to protect it
It's often the first step people take to prepare for GDPR.
Call our data security advisors on 01296 621121 or email cybersecurity@avatu.co.uk to find out more.
What's next?
Once you know what data you have and where it's held, you need to develop a risk-based assessment on what's needed to keep it safe.
This could include:
- New technology that solves the problem of malware reaching systems through email attachments. 85% of malware reaches data and systems this way
- Extra protection for documents, so you can control who can read, copy, print, or even screen-print them (and remotely remove those permissions if things go wrong)
- Software which helps companies measure and track how their staff are working with valuable data
- Technology which detects breaches quickly and helps organisations reduce the impact of a breach by reducing the time hackers have on systems - and helps report breaches to the GDPR regulator within 72 hours
- How to use digital forensic technologies as part of your security defences