GDPR – How the IDT team can help
With the GDPR coming into effect on the 25th of May 2018, there are several areas of GDPR on which we have the expertise to advise and help.
Encryption and Data Security
Encryption is one of the most popular and effective data security methods used by organisations. The purpose of data encryption is to protect digital data confidentiality as it is stored on computer systems and transmitted using the internet or other computer networks.
GDPR requires businesses to implement technical and organisational measures to provide appropriate protection to the personal data they hold. With the introduction of GDPR, encryption and other security measures are established as data protection standards that responsible organisations are expected to use, or face the consequences.
We can help you to make sure you have the right technology and solutions in place to encrypt all personal data held by your business or organisation.
Similarly, the GDPR will introduce a name-and-shame mechanism whereby businesses will have to notify the data protection authority if there is a security incident that affects the integrity, confidentiality or security of the personal data that they hold. If the breach is likely to result in discrimination, identity theft or fraud, financial loss, damage to reputation, or other significant economic or social disadvantages for data subjects, businesses will also have to notify the affected data subjects of the breach.
Importantly, no notification to the data subjects will be required if businesses have implemented appropriate technical and organizational security measures in respect of the data that were affected by the breach.
So, if, prior to the breach taking place, the data were rendered unintelligible, for example by means of encryption, businesses will not have to notify the data subjects of the breach.
An important aspect of GDPR compliance is ensuring that the data you hold and store is controlled and safely protected. To control data, it is highly advisable to centralise it and store it in the right place so that it can be safely monitored and controlled. For example, if your business currently runs on multiple laptops with no servers, it is impossible to control that data unless it is centralised. We can help create a virtual setup for your business, moving it to a server environment with a robust backup and security plan in place.
Backups and disaster recovery
Backup and disaster recovery are essential under GDPR. Organisations are held responsible for their ability to recover, in a timely manner, lost personal data that they hold. To remain compliant, they must have the necessary backup and disaster recovery strategies in place and actively take the time to regularly test the integrity and effectiveness of the solution.
Otherwise, your organisation could face heavy fines for failing to protect the data that you hold and monitor. We see more and more organisations falling victim to sophisticated ransomware and cyber-attacks because they do not have the necessary backup and disaster recovery solutions in place.
Our extensive experience and expertise in delivering our Remote Unlimited services for our clients means that we can provide you with real-time support and servicing for all your IT infrastructure, including Managed Threat Protection (Antivirus cover and Endpoint Management), unlimited backup licenses for your virtualized servers, a fully automated backup strategy, and alerting if any failures, data breaches or warnings do take place.
The Right to be forgotten (RTBF)
The right to be forgotten will be one of the most challenging parts of GDPR compliance.
From May 25th 2018 onwards, if a company is presented with an RTBF request, they will have 30 days in which to find that individual’s information and delete all records of it that are no longer being used for their original purpose, unless they are required to be held for other regulatory reasons.
We can help you to look at your IT systems and policies to understand how compliant you already are and what needs to change.
Furthermore, we can help your business map the data flows in and out of the organisation to build a picture of where the GDPR data is going and who it is going to. Ultimately, monitoring and scanning for critical GDPR information will highlight what your business is already doing, what needs to be done to become compliant, and therefore where the gaps are.
There is also a need to understand how GDPR data is shared, e.g. contact lists sent to a telesales company. We can work with the departments that hold critical data to map data flows and build that understanding. It’s worth remembering that even when the information or data goes outside your organisation, it is still your responsibility, so you need to know who you’ve shared it with so that you can make a corresponding RTBF request should you need to.
Get in touch
Contact us today on 0115 9684949 for a quote on any of our GDPR-related services.