With just 140 days left until GDPR comes into effect, the first half of 2018 is likely to be heavily focused on organisations preparing themselves. GDPR is set to transform the cyber-security landscape for decades to come, and as the deadline fast approaches many companies are still unsure what is required to gain compliance. For those of you who have been hiding under a rock for the last year, here is a quick summary of what the GDPR is:
What? The EU General Data Protection Regulation (GDPR) strengthens data protection for EU citizens’ personal data.
Who? All organizations that hold personally identifiable data on EU citizens (e.g. email address, photo, medical information).
When? Deadline: 25th May 2018 (Although many countries are implementing it sooner).
Why? Fines up to €20m or 4% worldwide turnover (whichever larger) for breaches of personal data.
Although this may seem like a lot for businesses to take on, it actually provides huge benefits. The new regulations will provide clarity and consistency across all businesses that deal with EU clients. With stringent data protection laws being enforced, this rebuilds a sense of trust for clients whose confidence has been knocked following several highly publicised cyber attacks. The data protection reform will allow businesses to realise the potential of the Digital Single Market. It creates a one-stop shop for businesses, making it simpler and cheaper for companies to do business in and with the EU, dealing with just one supervisory authority rather than 28. It will also level the playing field, applying the same rules to all companies, regardless of where they are established.
So what do you need to do to prepare for the GDPR?
Stop the causes of data loss
Companies, even if they decide to do nothing else to get ready for the GDPR, should stop the top causes of data loss: hacking and malware, and lost or stolen devices. Keep the data on your devices secure so that it stays protected even if a device is lost or stolen. Adopt a data protection policy and then communicate it clearly to your employees. Ensure that your anti-virus protection is sufficient to stop malware and ransomware.
Stop threats at the door
Stop data-stealing attacks at your network perimeter. Ensure all personal data on devices is secure. Email is a common source of accidental leaks, so adopt an encryption solution that automatically encrypts or blocks sensitive data in emails.
Stop human error
Keep individual files secure even when they leave your network or devices. You should ensure that data is encrypted at all times, both at rest and in transit (e.g. while being uploaded). Also be mindful that transferring data, including via the cloud, to countries outside the European Economic Area (EEA) is restricted under the Regulation.
You should also ensure that only authorised recipients can access sensitive files.
What are the next steps?
Learn more about the GDPR
- Become the trusted advisor of your organization
- Are there regional regulations or requirements in your region?
Expand your GDPR readiness
- Start small with easy-to-implement data security solutions
- Add additional layers to mitigate more risk when you’re ready
Get legal advice if you are uncertain
- The GDPR is a complex legal issue
- Talk to compliance specialists
The GDPR is a complex set of regulations, and the information above is provided purely as guidance on what will change following its introduction in May. Qlic are well equipped to help you gain compliance, including encryption services, anti-virus, firewalls and essential staff awareness and education. If you would like more information about how the GDPR will affect your business, or to find out how we can help with GDPR compliance, get in touch with us now on 0208 269 6878 or visit www.qlicnfp.com/managed-it-services/cyber-security/