What is GDPR?
The General Data Protection Regulation (GDPR) builds on the existing data protection regime and extends the responsibilities placed on organisations. Businesses are legally obliged to keep the personal data they hold secure and to use it only for the purposes it was collected for. There are heavy penalties for data security breaches, whether accidental or the result of misconduct, and certain breaches must be reported to the supervisory authority within 72 hours of becoming aware of them.
For most businesses this means looking at the problem from several angles: how your IT systems are set up, what IT security controls are in place, and what your IT policies say about data security and data usage.
The checklist on this page gives you a number of key questions to consider. GDPR is a complex area, but we can guide you through the key things you need to have in place and help you reduce the risk of a data breach and be ready to respond if one does happen.
Give us a call to talk about how we can help you to remain GDPR compliant.
- Is your incoming and outgoing email journaled? Could you look back over the last 12 months at any external email?
- Are all of your servers, desktops and laptops patched on a regular basis?
- Are the disks in your desktops and laptops encrypted?
- If a laptop were left on a train or in a taxi, would the data on it be encrypted at rest and unreadable without the user's credentials?
- Is your data backup granular (individual files and mailboxes, not just whole-system images) and held offsite?
- Can you restore data from at least 3 months ago?
- Are your software applications purchased and downloaded from a reputable source, or from the cheapest place you could find on the internet?
- Do you have an IT asset list, so you know what equipment and software you own and where it is?
- Can you show that customer data is protected within your computer systems, and where it is stored?
- Have you set a policy that locks computer screens after a period of inactivity, so that unattended machines are not left open?
- Do you have any intrusion detection in place, and a policy for acting on its alerts?
- Do you have a written password policy covering length and complexity? Note that current NCSC and NIST guidance favours long passwords, blocking known-weak passwords and multi-factor authentication over forced periodic password changes.
- Do your staff have local administrator rights on their computers, and do they actually need them to do their job?
- Do you have reputable, capable anti-virus, anti-malware and ransomware protection in place?
- Does anyone check that your anti-virus is up to date and working effectively?
- Do you have a suitable firewall separating your internal IT systems from the internet?
- Do you have a two-stage incoming email spam and malware filtering system?
- Which staff have remote access or work-from-home access to your computer systems?
- How does your company handle the storage of data? Does everyone have access to everything, or have you segmented your data so that staff can access only what they need to do their job?
- Are your staff encouraged to report mistakes, such as clicking on a spam email or opening a suspicious document, without fear of blame?
- Do you assess how you can reduce human error, for example emailing the wrong customer with someone else's information?
- Do you have a data leakage policy?
- Policies and procedures: do you have a written policy on how staff handle customer data, and do your staff actually follow it?
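Several of the questions above can be answered for a single Windows machine with a short, read-only audit rather than by asking staff. The script below is an added example and not code from the original page or from the company behind it; it checks the system drive for BitLocker, the age of the most recent Windows update, the members of the local Administrators group, the policy-enforced screen lock, and Microsoft Defender's real-time protection and signature age. The 30-day patch threshold, the 15-minute lock timeout, the 3-day signature age and the assumption that only the built-in Administrator account and Domain Admins belong in the local Administrators group are illustrative choices, not figures from the page.

```powershell
# Added example, not from the original page: read-only audit of one Windows endpoint
# against several checklist items. Run as an administrator in PowerShell 5.1 or later.
$findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding {
    param([string]$Check, [bool]$Pass, [string]$Detail)
    $findings.Add([pscustomobject]@{ Check = $Check; Pass = $Pass; Detail = $Detail })
}

# "Are your desktops and laptops encrypted?" (BitLocker module: Windows 8 / Server 2012 and later)
try {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    Add-Finding 'System drive encrypted (BitLocker)' ($vol.ProtectionStatus -eq 'On') `
        "VolumeStatus=$($vol.VolumeStatus) ProtectionStatus=$($vol.ProtectionStatus)"
} catch {
    Add-Finding 'System drive encrypted (BitLocker)' $false "Get-BitLockerVolume failed: $($_.Exception.Message)"
}

# "Are all of your machines patched on a regular basis?"
# 30 days is an assumed threshold for illustration.
$lastPatch = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
$patchAgeDays = if ($lastPatch) { (New-TimeSpan -Start $lastPatch.InstalledOn -End (Get-Date)).Days } else { [int]::MaxValue }
Add-Finding 'Patched within 30 days' ($patchAgeDays -le 30) `
    "Most recent hotfix: $($lastPatch.HotFixID) installed $($lastPatch.InstalledOn)"

# "Do your staff have local administrator rights, and do they need them?"
# Assumed baseline: only the built-in Administrator account and Domain Admins are expected.
$admins = Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
$unexpected = $admins | Where-Object { $_ -notmatch '\\Administrator$' -and $_ -notmatch '\\Domain Admins$' }
Add-Finding 'No unexpected local administrators' (-not $unexpected) "Members: $($admins -join ', ')"

# "Have you set a policy that locks screens when left unattended?"
# A Group Policy enforced screen saver writes these values under the per-user Policies key.
$ssPolicyPath = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop'
$ss = Get-ItemProperty -Path $ssPolicyPath -ErrorAction SilentlyContinue
$lockEnforced = [bool]($ss -and $ss.ScreenSaveActive -eq '1' -and $ss.ScreenSaverIsSecure -eq '1' -and
                       $ss.ScreenSaveTimeOut -and [int]$ss.ScreenSaveTimeOut -le 900)   # 900 s = 15 min, assumed
Add-Finding 'Screen lock enforced by policy (<= 15 min)' $lockEnforced `
    "ScreenSaveActive=$($ss.ScreenSaveActive) ScreenSaverIsSecure=$($ss.ScreenSaverIsSecure) ScreenSaveTimeOut=$($ss.ScreenSaveTimeOut)"

# "Does anyone check your anti-virus is up to date and effective?" (Defender module; 3-day signature age is assumed)
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $avOk = $mp.RealTimeProtectionEnabled -and ($mp.AntivirusSignatureAge -le 3)
    Add-Finding 'Defender real-time protection on, signatures <= 3 days old' ([bool]$avOk) `
        "RealTimeProtection=$($mp.RealTimeProtectionEnabled) SignatureAgeDays=$($mp.AntivirusSignatureAge)"
} catch {
    Add-Finding 'Defender real-time protection on, signatures <= 3 days old' $false "Get-MpComputerStatus failed: $($_.Exception.Message)"
}

# Print the result; failed checks are the items to follow up on.
$findings | Format-Table -AutoSize
$findings | Where-Object { -not $_.Pass } | ForEach-Object { Write-Warning "FAIL: $($_.Check) ($($_.Detail))" }
```

Each check only reads state, so it is safe to run on a production machine; to cover a whole fleet, run it through your remote management tooling and collect the `$findings` objects centrally. A machine with a third-party anti-virus product will report the Defender check as failed, which is expected and should be replaced with that product's own status query.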
There is a lot to think about in a GDPR compliance project, but it is far better to put the effort into understanding the requirements and meeting them than to have to report a loss of data and deal with the consequences.
We have helped many customers upgrade their systems to comply with the Regulation. Give us a call to discuss how we can help you.