Posted: Saturday, 18 November 2017 @ 16:48
In April/May 2018, the Data Protection Act will be replaced
with the EU’s General Data Protection Regulation (GDPR). As well as extending
the DPA, it involves much higher penalties for companies who don’t comply with
new rules around the storage and holding of personal data. Fines could be up to
£18m or 4 percent of turnover, whichever is higher.
So, what do the changes entail? You can read the full
details on the Information Commissioner’s Office website, but the key points are:
· The definition of data will be wider; for instance, it will also cover children’s data, and an online identifier such as an IP address could be classified as personal data.
· The rules for obtaining consent have changed, and an audit trail must be maintained.
· Notification of data breaches will be mandatory.
· People/Companies have the right for their data to be forgotten.
While the Information Commissioner’s Office has a useful
guide to steps that you can take now, our advice is to take a step back and
start by undertaking a review of your IT Security as a whole.
Even the smallest business typically has a website and
uses smartphones, tablets and laptops. Balancing opportunity with
your people’s need for access anytime, anywhere and from any device, while
staying on the right side of the GDPR, will be a delicate act.
The wisest move is to bring in some help to create and
deploy the right solution for your business. Make sure you appoint the right people: experts in topics such as external security, data leakage and encryption
who have a track record of successful implementation and support.
Some basic points to consider:
Backup: If you
don’t back up your data securely, and hold it off-site or split between sites,
there is a high chance that it will be lost.
Control: Do
you know where your data is stored and how it is accessed? Data centre models,
with multi-layered monitoring and security, are super-safe, and cost-effective
even for small businesses.
Policies: Create
and monitor staff policies, particularly those around updating both company and
personal mobile devices that are used to connect to your network.
Use the available tools and keep up to date: even the
smallest businesses should have a firewall, anti-virus software and email spam
filters in place.
If you have any queries, don’t hesitate to contact us on
01455 554708 or info@itservicesconnected.co.uk