GDPR Week 3 – Data Security


It's week three of our GDPR journey together! We hope these bite-size chunks are helping tame the beast that is GDPR and removing some of the fear of what's required. Please remember to share this email with anyone else who may be struggling with the concept of GDPR. It is important that we all take note of the new laws, and helping to remove the burden of technology from hard-working business people is the reason we get up in the morning, so we welcome sharing of our advice.

This week we will be focusing on best practice for ensuring data security. Under the new EU GDPR rules, you are responsible for how your data is stored and protected. Below are some recommendations to prepare your online systems for GDPR.

Recommendation 1 – Control Access to Data

As a data controller under GDPR, you are responsible for the data security technologies protecting the files stored within your IT systems. We have split this into three critical areas for your consideration.
  1. Prevent unauthorised access to data
    You must show how you have considered who has access to what information and whether it is necessary for them to have that level of access.
  2. Have records of how data has changed
    It is essential to be able to show an audit trail of data access, changes and deletion.
  3. Detect and report unauthorised access to data
    You must notify the ICO of a breach within 72 hours of becoming aware of the violation.
We recommend you secure your systems with access control lists and turn on file auditing. In addition to this, we have some solutions to address these issues and would be happy to help you enable this protection. Please reply to this email or give us a call to discuss this further.
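The following script is an added example (it is not code from this newsletter or from our own tooling) showing how the three areas above map onto a Windows file server: an access control list that restricts a folder to one group, a SACL so that access is recorded, the audit policy subcategory that actually produces those records, and a query over the resulting Security log events. The folder path, the `CONTOSO\HR-Staff` group, and the `Properties` indices used to pull the account and object name out of the events are assumptions for this example; adjust them for your environment and run from an elevated session.

```powershell
# Added example, not part of the original newsletter: restrict a folder holding
# personal data, audit access to it, and list the resulting events for review.
# Assumed values: the folder path and the allowed group. Run elevated.

$Folder       = 'D:\PersonalData'      # assumed path
$AllowedGroup = 'CONTOSO\HR-Staff'     # assumed group

# --- 1. Prevent unauthorised access: replace inherited permissions with an explicit list ---
$acl = Get-Acl -Path $Folder
$acl.SetAccessRuleProtection($true, $false)               # stop inheriting, drop inherited rules
$acl.Access | ForEach-Object { [void]$acl.RemoveAccessRule($_) }   # clear any explicit rules too

$rules = @(
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        $AllowedGroup, 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow'),
    New-Object System.Security.AccessControl.FileSystemAccessRule(
        'BUILTIN\Administrators', 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
)
$rules | ForEach-Object { $acl.AddAccessRule($_) }
Set-Acl -Path $Folder -AclObject $acl                       # all changes applied in one step

# --- 2. Audit trail: add a SACL entry so reads, writes, deletes and permission changes are logged ---
$sacl = Get-Acl -Path $Folder -Audit
$auditRule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    'ReadData,WriteData,Delete,DeleteSubdirectoriesAndFiles,ChangePermissions',
    'ContainerInherit,ObjectInherit', 'None', 'Success,Failure')
$sacl.AddAuditRule($auditRule)
Set-Acl -Path $Folder -AclObject $sacl

# A SACL produces no events unless the matching audit policy subcategory is enabled.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# --- 3. Detect: pull object-access events (4663 = access, 4656 = handle request incl. failures) ---
function Get-FileAccessEvents {
    param([int]$Hours = 24)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4663, 4656
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$Folder*" } |
    Select-Object TimeCreated, Id,
        # Property positions below are assumed from the standard 4663/4656 event layout
        @{ n = 'Account'; e = { $_.Properties[1].Value } },
        @{ n = 'Object';  e = { $_.Properties[6].Value } }
}

Get-FileAccessEvents -Hours 24 | Format-Table -AutoSize
```

The permissions and the audit entry are built in memory and written once each with `Set-Acl`, so the folder never sits in a half-configured state; the `auditpol` line is the step most often forgotten, because a SACL on its own looks correct in the folder's Security tab yet writes nothing to the log.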

Recommendation 2 – Remove Legacy Software and Hardware

There is a lot to be said for loyalty, but in this case you may be doing yourself a disservice. Software and hardware that are no longer receiving regular security updates are probably one of the most significant risks to your organisation's data compliance and security.
Under GDPR you must ensure that you protect your data, and regular security patching is all part of this. If a device or software system is no longer receiving security patches, then any exploit of a known vulnerability could leave your systems open to a breach, as happened to the NHS in the WannaCry outbreak.
We recommend doing an audit of all software and hardware in your organisation, so you know what is current and what is legacy, then replacing the old kit. We already do a lot to keep your systems as up to date as possible, so this requirement should be another easy win. If you would like help with this, give us a call or email to discuss this further.

Recommendation 3 – Run up to date Anti-Virus and Antimalware

In today's business environment it should go without saying that we all need to run up-to-date antivirus and antimalware software. GDPR reinforces this through its requirement to protect all personal information.
If you're already a client, it's highly likely we already monitor this protection regularly and proactively fix any issues you have with antivirus and antimalware. If you are not currently part of our proactive ecosystem and would like us to monitor your systems, give us a call or email to discuss further.

Recommendation 4 – Regularly update all software so that known vulnerabilities are not present

Security and feature updates are now commonplace in the IT industry. The most commonly known example is Windows Update. We recommend you regularly update your machines, including installing any updates for the software on them. GDPR requires you to use best endeavours to protect data, and running regular updates is a core part of your IT system's security.
If you're a client, we can monitor your systems and make sure you're always running the latest version. If you would like us to track your systems, give us a call or email to discuss further.
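To show what the audit in Recommendation 2, the antivirus check in Recommendation 3 and the update check in Recommendation 4 look like in practice, here is an added example (not code from this newsletter or from our own monitoring tools) that gathers a one-machine inventory and flags the three conditions the text warns about: an operating system past end of support, antivirus that is off or has stale signatures, and a machine with no security update in the last 30 days. It assumes a Windows host with PowerShell 5.1 or later; the end-of-support table and the 30-day threshold are illustrative values chosen for the example and should be checked against Microsoft's lifecycle information and your own policy. The antivirus portion reads Windows Defender only; other products will show as unknown.

```powershell
# Added example, not part of the original newsletter: software/hardware inventory
# with legacy-OS, antivirus and patch-age flags. Thresholds and the end-of-support
# table are illustrative assumptions; verify them before relying on the output.

$MaxDaysSincePatch = 30        # assumed policy threshold
$MaxSignatureAgeDays = 3       # assumed policy threshold

# Illustrative end-of-support dates for well-known legacy versions (verify against Microsoft).
$EndOfSupport = @{
    'Windows XP'             = [datetime]'2014-04-08'
    'Windows Server 2003'    = [datetime]'2015-07-14'
    'Windows 7'              = [datetime]'2020-01-14'
    'Windows Server 2008 R2' = [datetime]'2020-01-14'
}

function Get-ComplianceInventory {
    $os   = Get-CimInstance Win32_OperatingSystem
    $sys  = Get-CimInstance Win32_ComputerSystem
    $bios = Get-CimInstance Win32_BIOS

    # Most recent installed hotfix gives a rough "last patched" date.
    $lastFix = Get-HotFix | Where-Object InstalledOn |
               Sort-Object InstalledOn -Descending | Select-Object -First 1

    # Installed software from the uninstall registry keys (64-bit and 32-bit views).
    $software = Get-ItemProperty `
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' `
        -ErrorAction SilentlyContinue |
        Where-Object DisplayName |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate

    # Windows Defender status; absent on hosts running a different product.
    $av = Get-MpComputerStatus -ErrorAction SilentlyContinue

    $eol = $EndOfSupport.GetEnumerator() |
           Where-Object { $os.Caption -like "*$($_.Key)*" } | Select-Object -First 1
    $daysSincePatch = if ($lastFix) { (New-TimeSpan -Start $lastFix.InstalledOn -End (Get-Date)).Days } else { $null }
    $sigAgeDays     = if ($av)      { (New-TimeSpan -Start $av.AntivirusSignatureLastUpdated -End (Get-Date)).Days } else { $null }

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        Manufacturer     = $sys.Manufacturer
        Model            = $sys.Model
        BiosVersion      = $bios.SMBIOSBIOSVersion
        OS               = $os.Caption
        OSBuild          = $os.BuildNumber
        OSOutOfSupport   = [bool]$eol -and $eol.Value -le (Get-Date)
        AntivirusEnabled = if ($av) { $av.AntivirusEnabled } else { 'unknown (not Defender)' }
        SignatureAgeDays = $sigAgeDays
        SignaturesStale  = ($null -eq $sigAgeDays) -or ($sigAgeDays -gt $MaxSignatureAgeDays)
        LastHotfix       = $lastFix.HotFixID
        DaysSincePatch   = $daysSincePatch
        PatchOverdue     = ($null -eq $daysSincePatch) -or ($daysSincePatch -gt $MaxDaysSincePatch)
        InstalledApps    = @($software).Count
        Software         = $software
    }
}

$report = Get-ComplianceInventory
$report | Select-Object * -ExcludeProperty Software | Format-List
$report.Software | Sort-Object DisplayName | Format-Table -AutoSize

if ($report.OSOutOfSupport -or $report.PatchOverdue -or $report.SignaturesStale) {
    Write-Warning "$($report.Computer): legacy OS, stale antivirus or overdue patching found; schedule replacement or updates"
}
```

Run it on each machine (or via `Invoke-Command` against a list of hosts) and keep the output with your GDPR records: the software table is the audit of what is current and what is legacy, and the three boolean flags are the items that need a remediation date against them.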