Four letters – GDPR – have been imprinted on the minds of UK businesses over recent months. But is it really as scary as everyone thinks? In the WebEx we hosted last week, in partnership with Quadra, a leading consultancy specialising in ISO standards, we explained what the upcoming GDPR changes mean for businesses across the UK and whether it’s more of an opportunity or threat…
What is GDPR?
GDPR brings the current 1995 Data Protection Directive into the 21st century, harmonising data protection laws across 27 EU member states. The regulation requires that personal data should be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals
- Collected for specified, explicit and legitimate purposes only
- Accurate and, where necessary, kept up to date
- Processed and stored securely, including protection against unauthorised processing and against accidental loss
GDPR: Opportunity or Threat?
Since the announcement of GDPR, much of the discussion has focused on its negative effects – steep penalties, impact on reputation, extensive requirements. While these fears are rational, GDPR could be more of an opportunity to review how you already process data, identify silos, clean the data and make sure you’ve got security tools in place to protect it – especially in the light of recent cyber-attacks and the possibility that hackers may use the regulation as leverage to extract a ransom.
And while we don’t mean to rush you, with just over 30 days to go, if you haven’t started your preparations, it’s time to start taking these 3 steps NOW.
IT Steps to help with GDPR Compliance
Passwords – when implemented correctly – are a free, easy and effective way to prevent unauthorised access. Here are a few things to keep in mind when using passwords:
- Switch on password protection, be it a PIN for smartphones or an encryption product such as BitLocker for laptops and PCs.
- Use two-factor authentication for ‘important’ accounts. This means using two different methods to ‘prove’ your identity before you can use a service: generally a password plus, for example, a code sent to your smartphone.
- Do not reuse passwords, for example the same ones for work and personal accounts, because in the event of a hack cyber criminals will have access to all of your accounts.
System Patching and Vulnerability Management
Research suggests that around 80% of attacks use vulnerabilities for which patches already exist. Nevertheless, many businesses still aren’t applying security patches, even when updates have been available for months. Want our advice? Patch as soon as possible, and use automated patching where you can to reduce cost.
Mobile Device Protection
In recent years, Bring Your Own Device (BYOD) has become an opportunity for companies to build a mobile and productive workforce. However, those mobile devices are subject to malware, theft or loss, and will have personal apps downloaded from third-party sites on them too. So, what can you do to minimise the risk?
- Encryption – Consider BitLocker Drive Encryption
- Two Factor Authentication – for example Windows Hello for Business which replaces passwords with strong two-factor authentication on PCs and mobile devices
- Apply flexible mobile device and app management controls such as Microsoft Intune or Office 365 Device Management
This blog post should not be relied upon as legal advice on how to comply with GDPR. We encourage you to work with a legally qualified professional to discuss GDPR, how it applies specifically to your organisation, and how best to ensure compliance.