Almost every week a big company suffers a data breach, or as we like to say, gets hacked! The scary thing is, these are only the ones you hear about. The good news is that GDPR is designed to protect your personal information and identity, and it makes businesses directly accountable, with serious fines, for protecting it.
Under the new legislation, a business that fails to protect personal data can be fined up to 4% of global annual turnover or €20 million, whichever is higher. To put this in perspective: in 2015 Walmart, the owner of Asda, had total revenue of about $482 billion (Fortune 500). A 4% fine would cost them around $19 billion, roughly £14 billion. Numbers like that mean the business has to take notice.
- What type of data is protected?
Personal data: anything that identifies, or can be linked to, a living individual. This includes name, address, phone number, bank and credit card account details, email address and IP address.
- Who does it apply to? Any organisation established in the EU that collects or holds personal data, and any organisation outside the EU that offers goods or services to, or monitors the behaviour of, people in the EU, regardless of where the organisation is based.
The new legislation sets requirements for collecting, storing and recording personal data, covers all processing of that data, and introduces new rules on how a data breach is notified and the penalties incurred. If a company discovers a breach that puts individuals at risk, it has 72 hours from becoming aware of it to report it to the supervisory authority.
In a nutshell, GDPR means a business has to know where your data is stored, who has access to it and, more importantly, who should have access to it.
Now you know what GDPR is, how can you, as a business, get ready for it?
First of all, Unleashed recommend you read the overview published by the Information Commissioner's Office. But to help you, here are a few things you should be thinking about.
- Access controls: look at who can reach your sensitive data today.
- Restriction of processing: a person can ask you to stop using their data while you still hold it, so you need enforceable access rights on the systems that store it, automated where possible.
- Right to erasure, or the right to be forgotten: can you find every copy of a specific person's data and remove it?
- Notification of a data breach: detect abnormal activity and have an incident response plan ready before you need it.
- Personal data for marketing: if a person objects, you must remove their details from your direct marketing.
Steps you can take to reduce the risk to your business.
Where is your data stored? Pay particular attention to your unstructured data: documents, presentations and spreadsheets, which are the hardest to inventory.
The new legislation is all about minimising personal data retention. You will need to know why each piece of data was collected and review it periodically to see if it is still needed. If not, it needs to be deleted.
You need to understand who is accessing the data on your corporate data stores and review the access controls. If someone doesn't need to see it, they shouldn't be allowed to.
This is going to be down to the data controller, or more often than not the IT Manager. Under the new regulations you have to be able to demonstrate that appropriate security is in place, which in practice means continuously monitoring your data stores so that you are alerted quickly to any unusual activity on your network. If a breach occurs you have to report it to your supervisory authority (the ICO in the UK) within 72 hours. Failure to comply can result in fines.
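As an added example (not Unleashed's code or any partner product), here is a small Python scanner for the discovery step above: walk a directory of unstructured files, report which ones hold the kinds of personal data listed earlier (email addresses, IPv4 addresses and payment-card numbers, the last validated with the Luhn checksum so that arbitrary digit runs are not reported), and answer an erasure request by listing every file that holds one person's email address. The directory layout, file names and contents are constructed for the demonstration. It reads plain-text formats only; Office documents (.docx, .xlsx, .pptx) are zip containers and need extracting or converting to text before a scan like this sees anything.

```python
"""Locate personal-data indicators in a tree of unstructured text files.

Added example, not code from the original page. File names, paths and
contents below are constructed; the sensitive values are test values.
"""
import os
import re
import tempfile

# One pattern per data type the page lists. Card numbers are validated with
# the Luhn checksum afterwards to drop invoice numbers and other digit runs.
PATTERNS = {
    "email": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "ipv4": re.compile(
        r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "card": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),  # 13 to 19 digits, optional separators
}

# Plain-text formats only; Office files are zip archives and must be converted first.
TEXT_EXTENSIONS = {".txt", ".csv", ".md", ".log", ".json", ".xml", ".html"}


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 9 // 2 + 4 else d * 2  # same as d*2, minus 9 if >9
        total += d
    return total % 10 == 0


def scan_text(text: str) -> dict:
    """Return {kind: sorted unique matches} for one file's contents."""
    found = {}
    for kind, rx in PATTERNS.items():
        hits = set()
        for m in rx.finditer(text):
            value = m.group(0)
            if kind == "card":
                value = re.sub(r"[ -]", "", value)
                if not luhn_ok(value):
                    continue    # a digit run that is not a plausible card number
            hits.add(value)
        if hits:
            found[kind] = sorted(hits)
    return found


def scan_directory(root: str) -> dict:
    """Map each text file (relative path) under root to the indicators it holds."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TEXT_EXTENSIONS:
                continue        # binary or container format: needs conversion first
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="ignore") as fh:
                found = scan_text(fh.read())
            if found:
                report[os.path.relpath(path, root).replace(os.sep, "/")] = found
    return report


def files_holding(report: dict, kind: str, value: str) -> list:
    """Right to erasure: every file in the report that holds one specific value."""
    return sorted(p for p, found in report.items() if value in found.get(kind, []))


# Constructed sample tree: made-up names, a test card number, a documentation IP.
SAMPLE_FILES = {
    "hr/starters.csv": "name,email\nJane Doe,jane.doe@example.com\n",
    "finance/refunds.txt": ("Refund to card 4111 1111 1111 1111 for jane.doe@example.com\n"
                            "ref 1234567890123456\n"),   # fails Luhn, so not reported
    "it/vpn.log": "2017-05-03 08:15:02 login from 203.0.113.45 user=jdoe\n",
    "marketing/deck.pptx": "PK\x03\x04 placeholder for a binary Office file",
}


def build_sample_tree() -> str:
    """Write SAMPLE_FILES into a fresh temporary directory and return its path."""
    root = tempfile.mkdtemp(prefix="gdpr-scan-")
    for rel, content in SAMPLE_FILES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    report = scan_directory(build_sample_tree())
    for path, found in sorted(report.items()):
        print(path, found)
    print("erasure targets:", files_holding(report, "email", "jane.doe@example.com"))
```

Run as written it reports the HR spreadsheet export and the refunds note as holding the same person's email address (the erasure target list), the refunds note as holding a valid card number, and the VPN log as holding an IP address; the presentation is skipped. Treat the output as a starting inventory, not proof of absence: a scan only finds what its patterns describe, and names and postal addresses need a dictionary or a human review rather than a regex.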
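One simple way to get the "alert me to unusual activity" monitoring described above, as an added example that is not Unleashed's code or a partner product: build a per-user baseline of how many files under the personal-data shares each account reads per day, then flag any day that exceeds the baseline (mean plus three standard deviations, with a floor so a flat baseline does not fire on one extra read) or, for an account with too little history, an absolute cold-start limit. The audit lines, share paths, user names and thresholds are all constructed for the demonstration.

```python
"""Flag unusual volumes of reads against personal-data shares.

Added example, not code from the original page. Audit lines have the
constructed format "<date> <user> <action> <path>"; prefixes, users and
limits are assumptions for the demonstration.
"""
from collections import defaultdict
from statistics import mean, pstdev

SENSITIVE_PREFIXES = ("/shares/hr/", "/shares/finance/")  # assumed personal-data locations
MIN_BASELINE_DAYS = 3   # days of history before a per-user baseline is trusted
MIN_FLAG = 5            # floor: a flat baseline must not flag a single extra read
COLD_START_LIMIT = 20   # absolute daily limit for accounts with no usable history


def sensitive_reads_per_day(lines):
    """Map user -> {day: number of READs under a sensitive prefix}."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        day, user, action, path = line.split(" ", 3)
        if action == "READ" and path.startswith(SENSITIVE_PREFIXES):
            counts[user][day] += 1
    return counts


def detect_anomalies(lines):
    """Return [(day, user, count, threshold)] for days above each user's baseline.

    Flagged days are kept out of the baseline so one bulk read does not
    teach the detector that bulk reads are normal for that account.
    """
    alerts = []
    for user, per_day in sensitive_reads_per_day(lines).items():
        history = []
        for day in sorted(per_day):
            count = per_day[day]
            if len(history) >= MIN_BASELINE_DAYS:
                threshold = max(mean(history) + 3 * pstdev(history), MIN_FLAG)
            else:
                threshold = COLD_START_LIMIT
            if count > threshold:
                alerts.append((day, user, count, round(threshold, 2)))
            else:
                history.append(count)
    return alerts


def build_sample_log():
    """Constructed audit lines: five normal days, then a day with two bulk reads."""
    lines = []
    analyst_daily = [8, 10, 12, 9, 11]          # a heavy but steady legitimate user
    for day in range(1, 6):
        for i in range(2 + day % 2):            # jdoe: 3, 2, 3, 2, 3 HR reads a day
            lines.append(f"2017-05-0{day} jdoe READ /shares/hr/file{i}.csv")
        lines.append(f"2017-05-0{day} bsmith READ /shares/finance/ledger.xlsx")
        lines.append(f"2017-05-0{day} bsmith READ /shares/public/menu.txt")  # ignored
        for i in range(analyst_daily[day - 1]):
            lines.append(f"2017-05-0{day} analyst READ /shares/finance/report{i}.csv")
    for i in range(14):                         # jdoe suddenly bulk-reads the HR share
        lines.append(f"2017-05-06 jdoe READ /shares/hr/file{i}.csv")
    lines.append("2017-05-06 bsmith READ /shares/finance/ledger.xlsx")
    for i in range(13):                         # analyst's busiest day, still within baseline
        lines.append(f"2017-05-06 analyst READ /shares/finance/report{i}.csv")
    for i in range(25):                         # brand-new account with no history
        lines.append(f"2017-05-06 contractor READ /shares/finance/card{i}.txt")
    return lines


if __name__ == "__main__":
    for day, user, count, threshold in detect_anomalies(build_sample_log()):
        print(f"{day}: {user} read {count} sensitive files (threshold {threshold})")
```

On the constructed log the detector flags jdoe on day six (14 reads against a baseline of two or three) and the contractor account (25 reads with no history), while the analyst's 13 reads stay under a baseline built from a consistently busy week. The point of the floor and the cold-start limit is to keep the alert volume low enough that someone actually reads them; tune both against your own logs before trusting the output, and feed alerts into the incident response plan rather than a mailbox nobody watches.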
Don't worry, Unleashed are experts in data storage, access rights and helping you understand how to protect yourself. We have partnered with a number of specialist vendors to provide the right solution for your business.