GDPR: General Data Protection Regulation

GDPR, or the General Data Protection Regulation, is a new law that came into effect on 25th May 2018. GDPR has been designed to strengthen data protection for all individuals within the EU. It has been stressed that, even though the UK is leaving the EU, GDPR will still become law.

GDPR is a bit of a minefield, but Unleashed will try to de-mystify it for you and keep it simple.

It is almost weekly that a big company suffers a data breach, or as we like to say – has been hacked! The scary thing is, these are only the ones you hear about. The good news is that GDPR is designed to protect your personal information and identity. For the first time, legislation is making businesses responsible for protecting your identity.

Under the new legislation, if your business suffers a data breach, you will receive punitive fines of up to 4% of global turnover. To put this in perspective: in 2015, Walmart, the owners of Asda, had a total revenue of $482 million (Fortune 500). If they had to pay 4%, the cost to them would be $19 million, or approximately £14 million. This means the business has to take notice.

Useful information

  • What type of data is protected?

Personal identity data. This includes name, address, phone number, bank/credit card account details, email address and IP address.

  • Who does it affect?

Companies based in the EU that collect or hold data on EU citizens, regardless of where they live.

  • How does it affect you?

The new legislation covers the requirements for collecting, storing and recording personal data. It also covers all processing of data, the new rules on how a data breach must be notified, and the penalties incurred. If a company has been subjected to a data breach, it has 72 hours to report it.

In a nutshell, GDPR means that a business has to be aware of where your data is stored, who has access to the data and, more importantly, who should have access to that data.

Now you know what GDPR is, how can you as a business, get ready for it?

First of all, Unleashed recommend you read the overview published by the Information Commissioner's Office. But to help you, here are a few things you should be thinking about.

  • Look at access controls to your sensitive data
  • Restrict processing – Automate and impose access rights.
  • Right to erasure, or the right to be forgotten. Are you able to find specific data and remove it?
  • Notification of data breach – Detect abnormal activity and create an incident response plan.
  • Personal data for marketing – if a person objects you must remove their details from your direct marketing.

Steps you can take to mitigate risk to your business.

  • Data Storage

Where is your data stored? In particular your unstructured data – documents, presentations, and spreadsheets.

  • Metadata

The new legislation is all about minimising personal data retention. You will need to know why each item of personal data was collected and review it periodically to see if it is still needed. If not, it needs to be deleted.

  • Governance

You need to understand who is accessing data on your corporate data stores and look at access controls. If someone doesn’t need to see it – they shouldn’t be allowed to.

  • Monitoring

This is going to be down to the data controller, or more often than not the IT Manager. Under new regulations, you have to show you are always monitoring. This means you need to be notified immediately of any unusual activity on your network. If a breach occurs you have to report it to your local data authority within 72 hours. Failure to comply will result in fines.

Confused?

Don’t worry, Unleashed are experts at data storage, access rights and understanding how you can help protect yourself. We work with a number of partners to provide the right solution for your business.

Contact

If you’re interested in talking about how GDPR.

For more details on our Cybersecurity services….
