GDPR Requirements, Is Patching Essential?

Published: 8 June 2018

“Failing to patch vulnerabilities now will lead to punishment under the GDPR” is the message from the UK IT Governance Department. You might think it’s a scare tactic, however in reality it’s a practical takeaway for businesses, to ensure patching is considered as part of their GDPR requirements.

Is Patching a GDPR Requirement?

While the General Data Protection Regulation (GDPR) isn’t explicit about how you must protect customer data, there are a few basic technologies you should put in place. Patch Management is one of those– with the ICO’s statement an acknowledgement of this.

The 88-page document from the European Commission makes it abundantly clear that both data “controllers” and “processors” must protect EU customer information through “appropriate technical and organisational measures.” And failure to do so could result in penalties.

Why Is Patching Important?

Staying up-to-date with patching is crucial to preventing data breaches. The WannaCry and NotPetya ransomware attacks are a classic example of the severe consequences of missing critical patches, as fixes were available for both before the attacks happened. AND When it comes to GDPR, a lack of patching could be seen as negligence.

Don’t Be the Next Carphone Warehouse…

In 2015 Carphone Warehouse was issued with one of the largest fines by the ICO as the result of a data breach. One of the key points in the report highlighted that the company failed to secure the system which resulted in loss of personal data of over three million customers. Something that patch management could have prevented.

The Information Commissioner said, “A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks.”

What Does Patching Do?

An effective Patch Management solution will fully automate the patch management life-cycle for desktops, laptops and servers by identifying, testing & deploying operating system as well as 300+ third party application service packs, security fixes and patches daily.

For SME’s, manually searching for and applying software patches is a manual and time-consuming task. Patch management overcomes this challenge and automatically handles the update process for every node on the corporate network.

Really, it should be a part of every IT manager’s arsenal. Nowadays, even minor software bugs can lead to major headaches so the importance of implementing a regular patching schedule can’t be underestimated!

Find out more about our security solutions > 

Read More

Beyond MFA – Protecting users from modern attacks

12 September 2023

Our CTO Simon Barnes discusses MFA and the further steps you must take to protect your business from modern attacks.

Introducing Microsoft Copilot 

31 July 2023

Microsoft Copilot is the latest AI feature for Office 365. Check out our blog to learn more on how this can benefit your business.

The Challenges of Post-Pandemic Working

27 October 2022

What are the key challenges to working and managing IT in the post-pandemic world? We discuss them in our blog.

Employee or Employer; Where does the cyber breach responsibi...

12 October 2022

Cyber Security responsibility is a loop; both employees and employers are accountable for preventing a cyber breach.

Swissport’s cyber security proves resilient to an atte...

10 February 2022