What you need to know about GDPR

Posted: Saturday, 18 November 2017 @ 16:48

In April/May 2018, the Data Protection Act will be replaced with the EU’s General Data Protection Regulation (GDPR). As well as extending the DPA, it involves much higher penalties for companies that don’t comply with the new rules around the storage and holding of personal data. Fines could be up to £18m or 4 percent of turnover, depending on which is the highest.

So, what do the changes entail? You can read the full details from the Information Commissioner’s Office, but the key points are:

· The definition of data will be wider; for instance, it will also cover children’s data, and an online identifier such as an IP address could be classified as personal data.

· The rules for obtaining consent have been changed; an audit trail must be maintained

· Notification of data breaches will be mandatory

· People/Companies have the right for their data to be forgotten

While the Information Commissioner’s Office has a useful guide to steps that you can take now, our advice is to take a step back and start by undertaking a review of your IT security as a whole.

Even the smallest business typically has a website and uses smartphones, tablets and laptops. Balancing opportunity with your people’s need for access at any time, from anywhere and from any device, while staying on the right side of the GDPR, will be a delicate balancing act.

The wisest move is to bring in some help to create and deploy the right solution for your business. Make sure you appoint the right people: experts in topics such as external security, data leakage and encryption who have a track record of successful implementation and support.

Some basic points to consider:

Backup: if you don’t back up your data securely, and hold it off-site or split between sites, there is a high possibility of it being lost.

Control: Do you know where your data is stored and how it is accessed? Data centre models, with multi-layered monitoring and security, are super-safe, and cost-effective even for small businesses.

Policies: Create and monitor staff policies, particularly those around updating both company and personal mobile devices that are used to connect to your network.

Use the available tools and keep up to date: even the smallest businesses should have a firewall, anti-virus software and email spam filters in place.  

If you have any queries, don’t hesitate to contact us on 01455 554708 or info@itservicesconnected.co.uk

©2024 Davis IT Services Support Ltd