GDPR, Confused? Well, everyone I have spoken to certainly is! In fact, it has taken me nearly 3 months to get to the bottom of what IT Directors/Managers have to do to ensure you are GDPR (General Data Protection Regulation) compliant. In one sense it is quite funny that the search term "GDPR, Confused?" gets so many hits, but that is the main problem! Nobody really knows what will happen come 25th May 2018.
Well, after hours, weeks and months talking to so-called experts, reading the GDPR act and watching a lot of online Webex sessions, I think I can safely say I understand what you, as an IT professional, have to do!
GDPR is replacing the old DPA (Data Protection Act, 1998). The DPA was fine for its day, but things have now moved on. This has been driven by greater use of the Internet, technology and cyber crime. No longer is a firewall and antivirus going to be enough to protect your business.
One scary thing for your business is quite clear. If you are breached, you have 72 hours to report that breach to the ICO, counted from the time you find the breach. As we all know, that is the main worry and the hardest part. If you fail to report, you are liable to a 2% or 4% fine on your global revenue (depending on what bracket you fall into).
You need to approach cyber security from many different angles and, unfortunately, with many different solutions – no one hardware or software product will give you a complete solution. The secret is finding what is right for your business!
I think, from an IT perspective, the one part of the GDPR that worries me most, and is going to cause the most confusion and cost, is everything around breach notification.
This means: what do you do if you find a breach in your IT systems? However, what you should really be asking yourself is how you detect a breach in the first place. This is the main concern for an IT Manager, and if it isn't, it should be. Why? Because if you are negligent it could cost you your job, your company a heavy fine and a director a personal fine!
So, for those reasons alone, you need to look at your IT security very seriously – this means going beyond firewalls and anti-virus.
GDPR, Confused? Still…
To help you, Unleashed has put together a threat table showing how each element is covered under the GDPR regulations. This means that if an element is covered under GDPR and you get breached, you will need to tell the ICO what happened and how you are mitigating against any further breach.
Now, we come onto the part that is not so easy to protect against and where it is more difficult to find any breach. One thing I would like to point out: Unleashed is not in the business of scaremongering. We are here to help you and ensure you don't spend more money than you need to. For this reason, we have spent a lot of time and effort trying to demystify GDPR when it comes to the IT side of things.
One way you can help yourself is to ensure you have a full audit trail of who is doing what, why, when and how. This is done using Insider Threat Protection software. This software has been designed to alert you to any abnormal behaviour, which could be a virus/botnet or misuse of systems by a user. This is really the only way to see whether you have been breached and to provide the ICO with a full report.
Unleashed has looked at many systems to find one that will suit businesses of all sizes. The good news is that we have come up with a variety of software products that can do the job.
If you are still GDPR confused, or more confused after reading this article, then contact Unleashed for an initial chat. Hopefully our straight talking will help you.