Why IT Security is About to Become More Important Than Ever Before

What would fines of €20 million ($25 million) or 4% of your group’s global turnover mean to your company?

Closure? Lay-offs? Shareholders walking away? Worse?

Well, it’s fines of this size that GDPR is ushering in for your business in May – so if you’re based in the EU, or you have any customers, freelancers or business connections in the EU (even just one), then you might want to read on about why your IT security is going to be more important than ever before…

What is GDPR?

GDPR is short for ‘General Data Protection Regulation’ – a series of rules that were created by the European Union over the course of the last 4 years. Although they’re not law as such, each country that is going to be covered by the regulation will adopt them into law through their own government departments.

Why has GDPR been created?

These new data protection rules have been created because personal data is now used in very different ways compared to when the previous data protection laws were written. For many EU countries, their data protection laws were last revisited and revised around 20 years ago – well before Google, Facebook and our everyday use of smartphones.

At that stage, it was impossible to foresee how our data would be collected and used – after all, 20 years ago most countries had only 10% of domestic properties connected to the internet. Now, that figure is more like 90%, and the average person has in excess of 25 online accounts across email, social media, shopping sites and many more.

What does GDPR mean for businesses?

There are some big changes to business practices that are going to be required by GDPR – with the biggest changes seen in the following areas:

  • Knowing what data you hold and why you hold it
  • The structured management of your data
  • Being aware of who in your business is responsible for data
  • Educating staff to changing security requirements
  • Understanding reporting structures and timescales

A significant change concerns the way you will need to evidence your practices. In the past, there was no need to worry about reporting on data protection law unless a data breach occurred. Now, however, the regulation states that you should be able to demonstrate compliance whether or not data is in danger.

What if you’re outside the EU?

You might be breathing a sigh of relief at the moment if your business is based outside the EU – perhaps even if you’re in the UK – knowing that Brexit will soon see the country severed from many EU laws.

Well, I’m sorry to tell you that it’s not going to be that easy! GDPR will apply to any data you hold that relates to EU citizens – so even if you’re a US company, international law will dictate that this data should be held under the same safeguards.

There is no escape for the UK post-Brexit either: the UK’s Information Commissioner’s Office (ICO) has already confirmed that the UK will continue to abide by the regulation, regardless of any deal struck as the exit from the EU comes into effect.

What does GDPR mean to your IT technology?

For most companies, data is held primarily on their IT networks and applications – hence, IT security is under the spotlight.

The best way to consider your IT data security is to ask some questions – not unlike the questions that GDPR will be asking:

“What data do we hold? And how did we get that data?”

If you hold personal data it’s now important to understand what it is, why you’ve got it and where it’s kept.

What’s more, it’s vital that you question the ‘opt-in’ procedures that led to you holding that data – do customers know what you hold about them? Do those previous opt-in procedures meet the new GDPR rules? If not, you won’t be able to continue using the data post-GDPR without obtaining fresh opt-ins from your customers.

“What do we do if someone wants to see their data?”

At the moment, customers can request the information you hold about them – and you can charge a small admin fee for the work needed to collect that information. With GDPR this is no longer going to be the case. Customers have the right to access, change or even have their data entirely deleted should they wish.

So, the question is – do you have the measures in place to make sure you could access a customer’s data quickly and completely?

“Is our hardware appropriately protected?”

Modern IT networks can be extremely complex – not least because many of us have got into the habit of using our own devices as part of business networks. It’s now fairly common for a small business’s network to be a ‘hybrid’ that involves a variety of connections to the wider world, including 4G mobile devices.

Unless you’ve got dedicated in-house support for your IT infrastructure, it can be difficult to administer everything to a consistent standard. For smaller businesses, having a managed service provider with an understanding of GDPR on board will ensure your hardware and applications are fully protected against cyber security breaches.

Larger companies – especially those with multiple sites – might look to gain more control over their IT infrastructure with a centralised SD-WAN solution, especially if the person administering those WAN controls works closely with a data protection officer. You can learn more about what SD-WAN might offer your business network by clicking here.

What’s the next step for you?

At this stage, it’s important to realise that you should act sooner rather than later where GDPR is concerned. The regulation becomes law in most applicable countries in May of this year – and with a significant number of questions to ask of your policies, practices, networks, websites and employees, there’s really no time to lose.

Remember, being protected isn’t enough anymore – you’ve got to be ready to evidence exactly how you’ve protected your sensitive personal data – and you’ve got to be able to do it quickly and accurately.
