Get GDPR Ready with ISN. Our GDPR toolkit sets out the steps to takeYou’ve probably heard the European General Data Protection Regulation (GDPR) will come into force here in the UK on 25 May 2018. You probably also know that nobody is exempt from GDPR, not even charities or the public sector. And that, regardless of what happens with Brexit, GDPR is not going to disappear any time soon and will continue to apply, regardless of any post-Brexit model, to ensure data can move freely between the UK and EU. With GDPR approaching fast, what are the everyday implications for IT? And what solutions should you deploy to ensure compliance with these new regulatory demands? The good news is that if your business handles personal data and already adheres to current UK Data Protection regulations, you’re probably already halfway to GDPR compliance. But GDPR contains some important new data protection considerations that will need to be accommodated. So, you may well need to re-assess your strategy, processes and technology – and also appoint a Data Protection Officer. Let’s take a look at what’s new in GDPR.
What is it – and what does it all mean?The new GDPR has substantially expanded the definition of personal data. Which means, for example, that online identifiers such as IP addresses, cookie or location data now also qualify as personal data alongside other personally identifiable information – such as name, address, email address, telephone number or health and genetic or financial data. GDPR applies to everyone – including non-EU businesses that operate in the EU. And it should not be viewed as a tick-box compliance exercise. Because if your company is not compliant by the time GDPR legislation comes into effect, there will be large fines to face.
In a nutshell, under GDPR:
- If a data breach occurs, you need to report it within 72 hours. Failure to do so means your business may be fined EUR 20 million or up to 4% of working turnover for serious violations. The Information Commissioner’s Office’s recent blog doesn’t mince its words; companies are urged to ‘tell it all, tell it fast, tell the truth’.
- Consent to process personal data must be clear and unambiguous.
- If somebody requests access to all the data you have about them, asks why that data is being processed, how long it’s stored and who else gets to see it – or wants everything erased – you need to be able to do this, and do it efficiently.
- Privacy by design – an approach that promotes privacy and data protection compliance from the start – is now a key consideration. This has major ramifications for infrastructure, IT security and development teams, who must work with project stakeholders to ensure a secure architecture for services from the outset. This applies to data systems as well as IT infrastructure in general.
- GDPR is all about people’s digital identities and how data gets from A to B. Businesses should be able to demonstrate they have taken steps to make data secure – and ensure that only those who are authorised or need the information, at a specific time, can access or share it.
Where do you begin?You may feel like you’re facing a ticking time bomb in the countdown to GDPR. But a good starting point is to audit your current infrastructure to ensure you’ve got the right data protection systems and controls in place. Here at ISN, we’ve put together a handy infographic that sets out our step-by-step guidelines and a roadmap to GDPR compliance that incorporates the processes and controls that need to be in place. These guidelines also include an overview of the security technologies you should put in place – covering everything from identity and access management to cloud-based file tracking as well as monitoring and threat protection. With time running out to meet the deadline, we can support you with each step of your GDPR compliance project – as much or as little as you like. Unfortunately, there is no magic bullet to assuring compliance. Every business is different, and a lot depends on how much data you process, where it resides – including the cloud or on mobile devices – and who has access to it. But by leveraging the appropriate tools and technologies you can improve your chances of maintaining compliance on a consistent basis. That’s where ISN can help, ensuring your security and infrastructure is as good as it can be:
- Making the best use of the infrastructure and technology you have today, helping with the design of new services at the outset to ensure “Privacy by Design”
- Building resilient infrastructure, virtualisation and utilising public and private cloud resources
- Ensuring the confidential personal data stays that way
- Authentication solutions to prevent theft of credentials
- Network breach prevention using a variety of technologies to protect your exposed attack surface areas
- Evaluation and testing, ensuring everything is configured as it should be
- Logging, archiving & audit trail, ensuring activities are recorded and reported upon
Share this story: [ssba]