GDPR is now fully enforced and applies to any organisation that processes the personal data of individuals in the EU, regardless of sector or size. It has been argued that GDPR could pose a threat to the innovation that comes from using big data well to make smarter decisions.
The key point to understand is that GDPR applies only to personal data: any information relating to an identified or identifiable person (a broader category than the US notion of Personally Identifiable Information, or PII). This is the data you need to protect, and the processing you need to be able to justify. Consent is one of the six lawful bases for processing, not the only one, but if you rely on it, it must be freely given, specific and unambiguous, and organisations that process personal data without any valid lawful basis can face heavy sanctions.
For businesses that still aren’t confident about whether they’re compliant with GDPR, here are four key areas you should be looking at as a priority.
1. Protecting your digital data
All businesses are processing more data than ever before, including sensitive data. Many businesses that don’t store customers’ personal information make the mistake of thinking GDPR doesn’t apply to them; however, every business will at the very least hold employee information. Therefore, every business must put measures in place to safeguard that digitally-stored data.
Cyber-security is a key tenet of GDPR compliance: Article 32 requires “appropriate technical and organisational measures” proportionate to the risk. Building layered defences, rather than a single tall wall, not only drastically reduces the risk of your data being breached or stolen, but also means that if an attacker does get through, you can show the Information Commissioner’s Office (ICO) that appropriate measures were in place and that you detected and contained the incident. When the ICO decides on enforcement, whether those measures existed and were followed matters at least as much as the fact that a breach occurred.
2. Start by encrypting your data
The cyber-security control that should be at the top of your list is encryption. Not only is it a robust way to keep your data inaccessible to criminals, it is one of the few technical measures GDPR names explicitly (in Article 32 on security of processing, Article 34 on notifying individuals, and Recital 83). Should any personal data you hold fall into the wrong hands, whether deliberately or accidentally, encryption renders it unintelligible, provided the keys were not exposed along with the data; a database dump taken with its decryption key, or a device stolen while unlocked, is still a breach of readable data. Encryption can operate at a file, folder, device (full-disk) or server level, so you can choose the level of protection best suited to your business needs. However, it’s not the only measure you should implement: a multi-layered approach to cyber-security, combining encryption with access control, patching, monitoring and staff training, means attackers are far less likely to reach the pot of gold at the end: your data.
3. Evaluate how you process data
4. Don’t panic if you experience a cyber-attack
It’s important to understand what happens if the worst happens and attackers break through your defences. Whilst businesses are most fearful of the data leak itself, the GDPR also places a strict duty on you to report it: a personal data breach that is likely to result in a risk to individuals’ rights and freedoms must be reported to the Information Commissioner’s Office (ICO) within 72 hours of your becoming aware of it, and the affected individuals must be told without undue delay where the risk is high. Failing to meet this obligation can be treated as a more serious infraction than the original leak, so make sure you have an incident response plan that lets you assess and report a breach within that window.
It’s encouraging to know that you don’t have to report every single data breach to the ICO. For example, if an employee loses a business-issued smartphone that has been encrypted, the loss is unlikely to need reporting because the data remains inaccessible, provided the encryption key was not compromised along with the device and you still hold a copy of the data, so nobody loses access to it. You must still record every breach internally, including those you decide not to report, together with your reasoning. It’s best to check the ICO’s guidance to find out exactly what you need to report.
Bio: Natasha Bougourd is Lead Applications Writer at TSG, specialising in IT support, Office 365, GDPR and business intelligence.
TSG is an IT support company with expertise across a wide range of technologies, from SharePoint document management and Office 365, to Sage and Pegasus ERP solutions, to IT support, infrastructure and cyber-security solutions. Holding 8 Microsoft Gold competencies, TSG places its focus on a highly-skilled and qualified workforce with over 1000 recognised accreditations between its team of experts, including MCSE certifications and PRINCE2 and ITIL qualifications. Read more from TSG on their blog.