GDPR compliance needn’t be a minefield
The General Data Protection Regulation (GDPR) is a piece of European Union legislation that sets guidelines for the collection and processing of the personal information of individuals in all EU member states.
All organisations within the EU must adhere to it, as well as any business outside of the EU that conducts business with EU individuals, meaning that it will still apply to the United Kingdom post-Brexit. It encourages businesses to collect and manage data in a whole new way, ensuring that individuals have control over who can access their data. The legislation will come into force on 25th May 2018.
All sorts of data are covered, from the usual suspects – names, phone numbers, location data, gender and personally identifiable information – to more sensitive data, such as biometric data (think retina scans and thumbprint readers) and ethical, genetic, economic and cultural data. The legislation aims to protect individual EU citizens and places the onus on businesses to keep minimal amounts of this data.
There are plenty of guides that can talk you through the legislation further, but as an IT company that supplies IT to businesses, we have a number of products and services to help you cover several of the GDPR’s security and data requirements. These services will give you an audit trail and documented evidence that you are trying to be compliant.
We have broken this GDPR service offering down into three key elements:
Security patch management: we can manage security patches across all devices and provide automated reports to show compliance. Data needs to be kept secure at all times, with the cost of a data breach being up to 4% of your annual turnover or €20 million, whichever is higher. By having us manage security updates, you can be safe in the knowledge that someone is keeping on top of your ongoing security requirements.
Security protection: we can deliver the latest anti-ransomware and antivirus software to all devices, with automatic reporting for compliance. The need to ensure that you’re taking data protection seriously is a key component of GDPR, so you can rest assured that the highest and most stringent of data security protocols are being followed.
Risk Intelligence Reporting: we can regularly scan your PCs and devices to assess what data is held where, and whether it is a risk to your business. This service monitors downloads and local folders to see where there is a risk of a data breach. With staff downloading, sharing and transporting data in so many ways, you need to remain aware and accountable. Ongoing reports are issued to your data officer to help you evidence your compliance.
Alongside these three services, we can update any current data management processes that your organisation uses, including the setup of compliant file and permission structures. These can be optimised with complete on-demand visibility of which permissions are granted to each user, giving you greater transparency and control over data accessibility.
Ensuring that you comply with GDPR isn’t one department’s responsibility – it’s down to everyone in the organisation to consider their use of data and data management practices. However, we can help you ensure that your business can cope with some of the technological compliance elements of GDPR.
If you’re interested in talking to us about GDPR compliance and reporting, get in touch today.