
The EU General Data Protection Regulation (GDPR) will be enforced from 25 May 2018. 

It affects all organisations that hold personal data on EU citizens, including organisations in the UK.

It is a set of rules that companies must follow in order to protect the data they store.

GDPR aims to prevent data breaches.

Causes of Data Loss and GDPR requirements

Hacking or Malware – 57%*

Cause: Criminals gaining unauthorised access to IT networks and stealing data. GDPR requirement: Malware Protection and Firewalls.

Unintended Disclosure – 22%

Cause: Accidental emails to the wrong people. Using insecure cloud storage facilities can also lead to the wrong people seeing data. GDPR requirement: Email encryption. Educate staff to prevent human error. Be careful when using online storage.

Portable Devices – 10%

Cause: Portable devices are easily lost. Laptops and tablets can easily be left on trains and buses etc. GDPR requirement: Encrypt the devices. Install software allowing you to remotely lock and wipe portable devices.

Physical Loss – 7%

Cause: Hardware failure and accidentally deleting files. GDPR requirement: Keep hardware healthy and upgrade it periodically. Educate staff to prevent human error.

Other – 4%

Companies also lose data in other ways, including through a malicious insider. Cause: Someone within the company purposely releasing or damaging company data. GDPR requirement: Access control protects against a malicious insider by limiting access to business-critical data.

*Although Hacking or Malware accounts for only 57% of all data loss incidents, it accounts for 91% of records lost overall.

Hacking and Malware protection is essential on any IT Network.

The stress-free way to become GDPR compliant.

Do I need to purchase any products to become GDPR compliant?

  • You may or may not need to purchase lines of defence for your network such as anti-malware or firewalls.
  • You may or may not need to purchase encryption products.


Potential fines for not being GDPR compliant range up to £20m or 4% of worldwide annual turnover, whichever is higher.

Keywords and Phrases

The Governing Bodies

Every EU state will have a governing body to enforce GDPR law. Remember – for the purposes of GDPR, the UK is included within the EU.

The ICO is the governing body for the UK – this is who will come looking for the Data Protection Officer in your company in the event of a data breach.

ICO Website

Data Protection Officer

Under GDPR law, every company is advised to appoint a Data Protection Officer to be responsible for the company’s data. The designated person should be part of senior management and is responsible for justifying that the company’s IT security system is appropriate for the data stored on the network. The Data Protection Officer is also responsible for Data Governance. The Data Protection Officer must define and document the company’s efforts to prevent a data breach and must be prepared to justify those efforts if a data breach does happen.

Data Governance

Data Governance is the continuous process of knowing:

1. What data the company stores
2. Where the company’s data is stored (companies must be careful when using online, cloud-based storage facilities such as Dropbox and Salesforce)
3. What data the company does not need, so that it can be removed
