The General Data Protection Regulation (GDPR) came into force in May 2018 with maximum penalties for non-compliance of 4% of worldwide annual turnover or €20 million, whichever is higher. Data protection has therefore become a board-level responsibility for many UK businesses, and the challenge of improving data protection and data processing will require a fundamental change to the security operations they deploy.
Unfortunately, GDPR compliance is not an easy-to-follow guide that can be worked through once; it is an ongoing process, and its impact is organisation-wide (business processes, legal, governance, people and training).
GDPR Key points
You should make sure that decision makers and key people in your organisation are aware of the GDPR and appreciate the impact it is likely to have.
GDPR Compliance Services
Introducing GDPR Compliance as a Service
We offer a complete service for a monthly charge which covers:
- An initial GDPR Assessment
- Remediation Services
- GDPR documentation
  - Regularly scheduled reports to evidence your compliance activity
  - Demonstrate your company’s “best efforts” to comply
- Ongoing GDPR compliance
  - Regular, automated network scans detect and document any ongoing issues
This is a cloud-based service with a local appliance that runs regular scheduled internal network scans to find personally identifiable information (PII) on your systems, and external scans to identify exposed services and vulnerabilities on your public IP addresses. All the required GDPR documentation (primary and supporting documents) is produced to demonstrate continuous improvement.
Sample Report Pages
- External Port Use Worksheet
- User Access Review Worksheet
- Asset Inventory Worksheet
- GDPR Compliance Questionnaire
- Site Walkthrough Checklist
- Personal Data Scan System Selection Worksheet
- Personal Data Validation Worksheet
- External Vulnerability Scan Detail by Issue
- Internal Vulnerability Scan Detail by Issue
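The internal PII scan described above (finding personal data on file shares so it can be recorded on the Personal Data Validation Worksheet) can be illustrated with a small discovery scanner. The following is an added example, not code from Wem Technology’s service or the appliance. It assumes a directory tree of plain-text files, writes its own constructed sample files into a temporary directory, and checks three categories: email addresses, UK National Insurance numbers (validated against the HMRC prefix rules) and payment card numbers (validated with the Luhn checksum).

```python
"""Minimal PII discovery scan over a directory tree (added example, not the vendor's code)."""
import os
import re
import tempfile
from collections import Counter

# Regexes are deliberately broad; each hit is then validated to cut false positives.
PATTERNS = {
    "email": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    # UK National Insurance number: two letters, six digits, suffix A-D, optional spaces
    "uk_nino": re.compile(r"\b([A-Za-z]{2})\s?(\d{2})\s?(\d{2})\s?(\d{2})\s?([A-Da-d])\b"),
    # Payment card: 13-19 digits with optional single spaces or dashes between them
    "card": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
}

# Prefixes HMRC never allocates; letters D, F, I, Q, U, V never appear in the prefix
# and O never appears as the second letter.
NINO_BAD_PREFIXES = {"BG", "GB", "NK", "KN", "TN", "NT", "ZZ"}


def valid_nino(match):
    prefix = match.group(1).upper()
    if any(c in "DFIQUV" for c in prefix) or prefix[1] == "O":
        return False
    return prefix not in NINO_BAD_PREFIXES


def luhn_ok(digits):
    """Luhn checksum: every second digit from the right is doubled (minus 9 if > 9)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def valid_card(match):
    digits = re.sub(r"[ -]", "", match.group(0))
    return 13 <= len(digits) <= 19 and luhn_ok(digits)


VALIDATORS = {"uk_nino": valid_nino, "card": valid_card}


def find_pii(text):
    """Return a Counter of validated PII categories found in text."""
    hits = Counter()
    for kind, rx in PATTERNS.items():
        check = VALIDATORS.get(kind, lambda m: True)
        for m in rx.finditer(text):
            if check(m):
                hits[kind] += 1
    return hits


# Only plain-text formats are opened here; a real scan must also parse Office/PDF files.
TEXT_EXTENSIONS = {".txt", ".csv", ".log", ".md", ".json"}


def scan_tree(root):
    """Walk root and return {relative_path: Counter} for files that contain PII."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TEXT_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    hits = find_pii(fh.read())
            except OSError:
                continue  # unreadable file: skip, a real scanner would log it
            if hits:
                findings[os.path.relpath(path, root).replace(os.sep, "/")] = hits
    return findings


def build_sample_tree():
    """Create a constructed sample share in a temp dir (test values only, not real data)."""
    root = tempfile.mkdtemp(prefix="pii_scan_")
    os.makedirs(os.path.join(root, "hr"))
    samples = {
        "hr/starters.csv": "name,email,nino\nA. Person,a.person@example.com,AB 12 34 56 C\n",
        "finance.txt": "Refund to card 4111 1111 1111 1111 approved.\n",
        # Looks like PII but fails validation: Q is not a valid NINO prefix letter,
        # and the 16-digit run fails the Luhn check.
        "notes.md": "Invalid NINO QQ 12 34 56 A and non-Luhn 1234 5678 9012 3456 here.\n",
        "build.log": "compiled 42 objects in 3.1s\n",
    }
    for rel, body in samples.items():
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for rel_path, counts in sorted(scan_tree(sample_root).items()):
        print(f"{rel_path}: {dict(counts)}")
```

Run it directly to scan the constructed tree and print per-file counts, or point scan_tree at a real share. The validators are the important part: without them the NINO pattern matches any two letters followed by six digits and a letter, and the card pattern matches any 13 to 19 digit run, so the worksheet fills with false positives. Recording only counts per file, rather than the matched values, also keeps the scan report itself from becoming a new store of personal data.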
To maintain GDPR compliance, in addition to conducting regular audits, you will need to implement an effective multi-layered, multi-vector security strategy that enables you to:
Protect the perimeter – deploy next-generation firewalls to reduce the network’s exposure to cyber threats, mitigate the risk of data leaks that could become a reportable breach and attract penalties under GDPR, and deliver the forensic insight needed to prove compliance and to remediate appropriately following a breach.
- SonicWALL next-generation firewalls from Wem Technology help protect against emerging threats and feature deep packet inspection; real-time decryption and inspection of SSL/TLS sessions (which requires the firewall’s inspection certificate to be trusted by your managed endpoints); adaptive, multi-engine sandboxing; and full control and visualisation of applications on the network.
Protect the network – keep the latest threats mitigated by using a patch management system and current antivirus/anti-malware solutions.
- Consider using a Managed Service Provider such as Wem Technology to deliver planned system updates in a timely fashion and to provide detection, investigation and reporting, which helps specifically with mandatory breach notification (to the supervisory authority within 72 hours of becoming aware of a breach, where feasible) and with data protection by design.
Facilitate secure access to data – foster the secure flow of data while letting employees reach the corporate applications and data they need from the devices they choose. Combine identity controls with data encryption to strengthen data protection and support GDPR compliance.
- Office 365 with Enterprise Mobility + Security (EMS) from Wem Technology helps protect your company’s important data wherever it is accessed from and on any device: it secures data and devices, helps identify security breaches, manages user identity (authentication, authorisation and administration) and encrypts email messages.
Implement backup and disaster recovery – GDPR (Article 32) obliges companies to be able to restore the availability of and access to personal data in a timely manner after a physical or technical incident, and to regularly test the effectiveness of those measures; in practice this means an effective, regularly tested Disaster Recovery (DR) solution.
- Datto Backup and Continuity appliances from Wem Technology provide comprehensive protection for all your data and systems:
  - Image-based snapshot technology
  - Ability to back up as often as every 15 minutes for critical data
  - Easy and fast verification that your backups work
  - Protection for all environments (Windows, Linux, physical, virtual), remote workers and SaaS applications (Office 365 and G Suite)
  - Replication of backups to an offsite location so you can keep operating if disaster recovery is invoked
  - Fast, reliable recovery
  - Ransomware detection and mitigation
Useful GDPR Tips:
- Build a plan!
- Provide your staff with GDPR and security awareness training
- Consider quick wins such as adding two-factor authentication, hardening systems and building in resilience
- Implement policies such as clear desks, strong passwords, user access control and the disposal of data (including shredding of sensitive paper-based information)
- Locate, classify and document your data, then determine who really needs to access it
- If you have marketing lists, follow the Direct Marketing Association (DMA) guidelines and check GDPR announcements regularly
- If suppliers are asking you about your GDPR compliance and you are not quite ready, consider providing them with a statement of commitment and let them know what steps you are currently taking in order to comply
- Securely dispose of all old data (e.g. marketing lists) that you no longer need
- Implement and modify your processes, policies and procedures to include the GDPR principles
- Use the data assessment toolkit on the ICO website at https://ico.org.uk/
- Block consumer-grade applications on your network, as some carry terms and conditions allowing the provider to use your data
- Use the technical resources of a trusted provider of I.T. Security and Continuity solutions