
GDPR Week 4 – Best practice for ensuring data security


It’s already week four of our GDPR journey together! You are probably bored of us banging on about the things you need to do to be compliant, but do stick with us. We are nearing the end! Many of you will have already started to tackle your GDPR responsibilities and be well on your way to being compliant. For those who haven’t, there is still time to get a plan in place. Even if you are not completely ready by the 25th of May, having a corrective plan in place will help your cause, so don’t panic.

This week we will be focusing on best practice for ensuring data security. Under the new GDPR rules you are responsible for how your data is stored and protected. Below are some recommendations to prepare your online systems for GDPR.

Recommendation 1 – Have good backups with a regular restore to confirm that the data is correct

Backup is like an insurance policy: you don’t want to pay for it, but you must have it in case the worst should happen. As part of your disaster recovery solution, you should already be creating and storing a backup of your data with a copy being held off-site. GDPR builds on this best practice by making it a requirement for you to be able to restore your data promptly in the event of data loss or corruption.

We have two recommendations to help satisfy the extra responsibilities:

  1. Use a cloud backup solution called Datto. These systems are incredibly smart and offer excellent data resilience.
  2. Perform regular test restores. It is one thing having a backup…it is another to know that it will work when you need it. Don’t wait until you’re in a disaster recovery situation to find out if your backup works!

Recommendation 2 – Protect network access by Separating Corporate Machines and devices from personal devices

Who doesn’t like a bit of free wi-fi? It saves your data allowance and probably gives you faster speeds etc. So, it is evident that most people will connect their mobile phone to their work wireless network, or a visitor might ask for access. The problem with this is that you now have lots of additional unknown devices connected to your system. Under GDPR it is your responsibility as the data controller to know who has access to what on your network, so it is not a good idea to have personal devices on your corporate system.

If you still want to allow personal devices access to your internet connection, we can create a separate guest network for your employees and visitors to use. This stops them from being able to see any of your corporate machines and so removes any risk they might pose. Most of you will already have this facility; it’s just a case of switching it on. If you would like us to do this, please let us know.

Recommendation 3 – Create a secure area for sharing data with third parties (subcontractors/suppliers)

Sharing data with third parties is often a vital aspect of most businesses. GDPR, however, changes the relationship you have with third parties, making you both liable for the protection of data you share. This means that you have to think about the systems you use to pass on information and how you secure access to these systems.

If you are regularly exchanging information with a third party, we recommend that you adopt a secure storage area which has access controls. This enables you to keep full control of your information! We have many solutions tailored to different needs, so if this is something you are interested in, please do get in touch.


Recommendation 4 – Check your marketing data to ensure it conforms with the GDPR Requirements

No one likes junk mail, and one of the more publicised parts of GDPR is how it now protects consumers against receiving unsolicited marketing. This is great news for consumers, but it adds a few requirements for any of you who perform this kind of marketing activity. You will need to get renewed consent for all of your existing marketing contacts. The ‘gold standard’ of consent is called double opt-in. This means that, in addition to signing up through a web form, a customer needs to confirm that they wish to receive your correspondence by clicking a confirmation link in a follow-up email before you can market to them.

We recommend that you use your existing email marketing system to send a new opt-in email to all of your existing contacts using the new consent model. Remember you will be unable to use current lists after the 25th of May if you don’t do this!
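
The double opt-in flow described above, sketched as an added example that is not part of the original post or of any particular email marketing system. The secret key, the 48-hour link lifetime, the in-memory `subscribers` store and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"replace-with-a-random-server-side-key"  # placeholder key (assumption)
TOKEN_TTL = 48 * 3600  # assumed lifetime of the confirmation link, in seconds
subscribers = {}  # email -> consent record; stands in for a database

def _sign(payload: bytes) -> str:
    mac = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")

def sign_up(email, now=None):
    """Step 1: web form submitted. Store as pending, return the emailed token."""
    now = int(time.time() if now is None else now)
    subscribers[email] = {"status": "pending", "confirmed_at": None}
    payload = f"{email}|{now + TOKEN_TTL}".encode()
    body = base64.urlsafe_b64encode(payload).decode().rstrip("=")
    return f"{body}.{_sign(payload)}"

def confirm(token, now=None):
    """Step 2: link clicked. Accept only an untampered, unexpired token."""
    now = int(time.time() if now is None else now)
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
    except ValueError:
        return False  # malformed token
    # Constant-time comparison; reject before trusting anything in the payload.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return False
    email, expires = payload.decode().rsplit("|", 1)
    if now > int(expires) or email not in subscribers:
        return False
    if subscribers[email]["status"] != "confirmed":
        # Keep the first confirmation time as the record of consent.
        subscribers[email] = {"status": "confirmed", "confirmed_at": now}
    return True

def can_market_to(email):
    """Only contacts who completed both steps may receive marketing."""
    return subscribers.get(email, {}).get("status") == "confirmed"
```

The stored `confirmed_at` value is the evidence of when consent was given, which is what you would point to if a contact later disputes it.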
