With the new GDPR coming into force, it’s important to understand your legal obligations. We appreciate that GDPR isn’t that simple but at GreenCity Solutions, we have put together some things to consider and outlined how we can help when it comes to your data security.
GDPR – A Brief Overview
On 25th May 2018, within Europe, GDPR (General Data Protection Regulations) will replace all localised data protection regulations. Organisations that fail to meet the required standard can expect a fine of up to €20 million, or up to 4% of annual turnover, whichever is greater.
GDPR covers two main aspects within the realms of data protection:
- It protects the data rights of EU citizens and
- It protects their privacy (their personal data).
This ruling covers all businesses that operate within the single market, including non-EU businesses that deal with EU customers. The important things to know are:
- Report data breaches within 72 hours; and prove due diligence in preventing them happening again
- The right to be forgotten: erase all of an EU citizen’s personal data upon their request
- Data portability: provide all personal data of an EU citizen in a format accessible to them
- International transfers: ensure data is only transferred to other GDPR compliant organisations, or those within jurisdictions deemed ‘adequate’
Understanding the data you possess is one thing, but knowing how secure it is, is another.
Having the right IT systems and security measures in place is one of the fundamentals for preventing security breaches that could risk noncompliance with GDPR.
Things to consider
Below, we have outlined a few things to consider and actions that can be taken within your organisation in the run-up to, and after, the GDPR deadline to reduce your risk of a data breach.
1. Where is your data?
Make sure you know where your data is. You should have created a data map to ensure you know where all of your data is at any time and so it can be easily found and deleted when requested.
2. Third-party Providers
Wherever your data is held should also be GDPR compliant. Do you use any third-party service providers? Do they process any data on your behalf? If so, ensure any supplier you are using is compliant.
3. Electronic Devices
Any device (e.g. mobile, tablet, laptop) that holds personal data should be tracked and audited. You will need to know who has access to personal data and how.
4. Administrative access
How many users within your organisation have administrative access to the network or other systems? Reduce the number of admins within your organisation to reduce the risk of a data breach, and only allow people administrative access if it is absolutely necessary.
5. Data access review
As above. Data access should be user-based and included as part of the data map. Ensure no one has unnecessary access to data.
6. Remote access and erasure rights
In the event of theft or loss of electronic devices, you will need to be able to protect or remove access to personal data.
7. Staff Training
Nearly 60% of cyber-attacks come from staff members clicking on infected or malicious links/files. Train your team to prevent basic errors, including what to look out for.
8. Reporting a data breach
In the event of a data breach, it is important to report it to the Information Commissioner within 72 hours, and you must be able to prove due diligence in preventing it happening again.
At GreenCity Solutions, we have a number of solutions available and can help implement the required IT systems to help you stay compliant including: monitoring and security software, secure file sharing platforms and password policies.
Protect further with a Cyber Essentials Certificate
Cyber Essentials is a Government-backed scheme that helps organisations protect against a whole range of the most common cyber-attacks. It’s a simple but effective certification that can protect your data from getting into the wrong hands.
At GreenCity Solutions, we can help you prepare for your Cyber Essentials certificate and provide the independent certification board required. We will work with you throughout the process, recommending appropriate systems, software and hardware to ensure that any data that you hold is protected.
To help protect you and your staff against malicious attacks that could ultimately cause a breach of data, or to discuss any of the above, please contact us at GreenCity Solutions on 01733 667755 or email us at firstname.lastname@example.org.
We’re here to help.