GDPR and cyber security – What businesses need to know
Companies need to consider both GDPR and cyber security and how they can work together on a practical level.
The biggest overhaul of data protection legislation in 25 years comes into force this week. The General Data Protection Regulation (GDPR) will govern how data can be used and processed by businesses selling goods or services to people in the EU. Most companies rely on the personal data of their customers or clients every day, so there is now a stricter process to follow in order to remain legally compliant.
Here’s how to ensure that your data is GDPR watertight so it doesn’t get in the wrong hands, either accidentally or otherwise.
GDPR is making it a legal requirement to install an SSL (Secure Sockets Layer) certificate. This encrypts the data stored on or transmitted across a website so that it can only be read by authorised users. Encrypted data is useless to hackers. It also means Google won’t flag that website as non-secure. An SSL certificate puts the padlock symbol in the browser’s address bar, which demonstrates to visitors that you take GDPR and cyber security seriously.
It is difficult for hackers to make use of encrypted data. Encryption also shows, in the event of a data breach, that you took steps to secure that information. This matters when you consider that nearly nine billion data records have been lost or stolen since 2013, but only 4% of them were encrypted. Encryption is therefore an essential part of GDPR and cyber security.
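The padlock only means something while the certificate is valid for the site’s hostname and has not expired, so the practical check is to confirm both on a schedule. The script below is an added example, not code from the article or from Link IT: it evaluates a certificate in the dictionary shape that Python’s `ssl.SSLSocket.getpeercert()` returns, flags expiry (or expiry within a warning window), and checks that the hostname appears in the certificate’s DNS names, including single-label wildcards. The `SAMPLE_CERT` data is constructed for the offline demonstration; pass a hostname on the command line to check a live site instead.

```python
"""Certificate sanity check: valid for the hostname, and not expired or
about to expire.  Added example, not from the original article.  SAMPLE_CERT
is a constructed dict in the shape of ssl.SSLSocket.getpeercert() output."""
import socket
import ssl
import sys
import time

SECONDS_PER_DAY = 86400


def fetch_peer_cert(hostname, port=443, timeout=5):
    """Open a TLS connection and return the peer certificate as a dict.
    The default context already verifies the chain and the hostname, so a
    bad certificate raises ssl.SSLCertVerificationError before we get here."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def hostname_matches(cert, hostname):
    """True if hostname is one of the certificate's DNS subjectAltNames.
    A wildcard such as *.example.com covers exactly one extra label."""
    hostname = hostname.lower()
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        if name == hostname:
            return True
        if (name.startswith("*.")
                and hostname.endswith(name[1:])
                and hostname.count(".") == name.count(".")):
            return True
    return False


def days_until_expiry(cert, now=None):
    """Days until notAfter; negative once the certificate has expired."""
    now = time.time() if now is None else now
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    return (expires - now) / SECONDS_PER_DAY


def assess_cert(cert, hostname, now=None, warn_days=30):
    """Summarise the findings a renewal/monitoring job would act on."""
    days = days_until_expiry(cert, now)
    return {
        "hostname_ok": hostname_matches(cert, hostname),
        "expired": days < 0,
        "expiring_soon": 0 <= days < warn_days,
        "days_left": round(days, 1),
    }


# Constructed sample (not a real certificate), shaped like getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Example CA"),),),
    "notBefore": "May 25 00:00:00 2018 GMT",
    "notAfter": "May 25 00:00:00 2019 GMT",
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "example.com")),
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        host = sys.argv[1]
        print(assess_cert(fetch_peer_cert(host), host))
    else:
        # Offline run: pretend today is 1 May 2019, 24 days before expiry.
        fake_now = ssl.cert_time_to_seconds("May 01 00:00:00 2019 GMT")
        print(assess_cert(SAMPLE_CERT, "www.example.com", now=fake_now))
```

Run it from a cron job or monitoring task against each public hostname and alert on `expiring_soon` well before the certificate lapses; an expired certificate produces the same browser warning as having no certificate at all.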
A data breach can happen even if you take steps to align GDPR and cyber security, and the new legislation takes this into account. That’s why it includes strict requirements on who has access to data and how data use is recorded. Your company’s data controllers and processors need to record how GDPR and cyber security are being put into practice. Your IT support, whether in-house or outsourced, should run a patch management schedule to check regularly for network vulnerabilities. This is especially important given that research has shown 60% of data breaches are the result of an unpatched vulnerability.
GDPR brings in hefty penalties for non-compliance: up to $420m (£17.2m) or 4% of the company’s total worldwide annual turnover, whichever is higher. So it makes sense to get your GDPR and cyber security in order as soon as possible.
Upskill your staff
Endpoint technology, such as laptops and workstations, is the preferred method of entry for hackers after data. A study found that mobile devices are one of the weakest links when it comes to cyber security. It also found that low awareness of security threats amongst employees is a major stumbling block. Bring-your-own-device policies are increasingly common too, with 30% of UK workplaces already following one. Your teams need to know how to spot a threat, such as a phishing email. You can bring GDPR and cyber security together by retraining your teams on how to be compliant with the new legislation.
You can use a variety of IT systems to restrict who has access to certain data. Draw up new data processing policies, follow them and record everything. Also, be ready and willing to share that information should a GDPR regulator request it.
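Restricting access and recording every use are the same control seen from two sides: the system that decides whether a person may see a field of a customer record is also the system that should write down that it decided, including the refusals. The example below is added here and is not code from the article or from Link IT; the roles, the permitted fields per role and the two customer records are constructed for illustration. Each role sees only the fields it needs, every read must state a purpose, and every attempt (granted or denied) lands in an audit log that can be exported as JSON lines for a regulator or an auditor.

```python
"""Role-based, field-level access to personal data with an audit trail.
Added example, not from the original article.  Roles, fields and records
below are constructed for illustration."""
import json
import time

# Which fields of a customer record each role may read (data minimisation).
# Assumed roles and fields for this example, not a standard.
ROLE_FIELDS = {
    "support": {"customer_id", "name", "email"},
    "finance": {"customer_id", "name", "billing_address"},
    "dpo": {"customer_id", "name", "email", "billing_address", "date_of_birth"},
}


class PersonalDataStore:
    """Holds customer records and enforces ROLE_FIELDS on every read."""

    def __init__(self, records):
        self._records = {r["customer_id"]: r for r in records}
        self.audit_log = []  # one dict per access attempt, in order

    def _log(self, actor, role, customer_id, purpose, outcome, fields):
        self.audit_log.append({
            "ts": time.time(),
            "actor": actor,
            "role": role,
            "customer_id": customer_id,
            "purpose": purpose,
            "outcome": outcome,
            "fields": sorted(fields),
        })

    def read(self, actor, role, customer_id, purpose, fields=None):
        """Return the requested fields of one record, or raise PermissionError.
        A denial is logged before it is raised so refusals are also on record."""
        if not purpose:
            self._log(actor, role, customer_id, purpose, "denied:no-purpose", fields or ())
            raise PermissionError("a purpose must be stated for every access")
        allowed = ROLE_FIELDS.get(role, set())
        requested = set(fields) if fields else set(allowed)
        over_reach = requested - allowed
        if not allowed or over_reach:
            self._log(actor, role, customer_id, purpose, "denied:role", requested)
            raise PermissionError(f"role {role!r} may not read {sorted(over_reach) or 'anything'}")
        record = self._records.get(customer_id)
        if record is None:
            self._log(actor, role, customer_id, purpose, "denied:unknown-record", requested)
            raise PermissionError("no such record")  # same error class: don't reveal existence
        view = {f: record[f] for f in requested if f in record}
        self._log(actor, role, customer_id, purpose, "granted", view.keys())
        return view

    def export_audit_log(self):
        """Audit log as JSON lines, the format most log collectors accept."""
        return "\n".join(json.dumps(e, sort_keys=True) for e in self.audit_log)


# Constructed sample records (fictional people).
SAMPLE_RECORDS = [
    {"customer_id": "c-001", "name": "A. Example", "email": "a@example.com",
     "billing_address": "1 Example St", "date_of_birth": "1980-01-01"},
    {"customer_id": "c-002", "name": "B. Example", "email": "b@example.com",
     "billing_address": "2 Example St", "date_of_birth": "1990-02-02"},
]

if __name__ == "__main__":
    store = PersonalDataStore(SAMPLE_RECORDS)
    print(store.read("alice", "support", "c-001", "ticket #123"))
    try:
        store.read("alice", "support", "c-001", "curiosity", fields=["date_of_birth"])
    except PermissionError as e:
        print("denied:", e)
    print(store.export_audit_log())
```

The design point is that the log is written by the same code path that makes the decision, so there is no way to read a field without leaving a record, and a review of the log shows who asked for what, why, and whether they were refused.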
The team here at Link IT can help you make preparations to ensure you are GDPR and cyber security ready. From a fully managed service to help when you need it, our team can provide IT support to rely on.