
The EU General Data Protection Regulation (GDPR) will be enforced from 25 May 2018.

It affects all organisations that hold personal data on individuals in the EU (residents, not only citizens), including organisations in the UK. It also reaches organisations outside the EU that offer goods or services to people in the EU or monitor their behaviour.

It is a set of rules that organisations must follow to protect the personal data they hold and process.

GDPR is intended to reduce data breaches and their impact. It does not name specific products; instead it requires "appropriate technical and organisational measures" proportionate to the risk (Article 32), and it requires organisations to be able to show that those measures are in place.

Causes of Data Loss and GDPR requirements

Hacking or Malware – 57%*

Cause: Attackers gaining unauthorised access to IT networks and stealing data, usually to sell it or to extort the victim. GDPR requirement: Appropriate technical measures (Article 32), which for most networks means at least up-to-date malware protection, firewalls and prompt patching.

Unintended Disclosure – 22%

Cause: Emails sent to the wrong recipients, and personal data placed in cloud storage with sharing settings that expose it to people who should not see it. GDPR requirement: Encrypt email that carries personal data, train staff to reduce human error, and check the sharing and access settings of any online storage before putting personal data in it.

Portable Devices – 10%

Cause: Portable devices are easily lost or stolen; laptops, tablets and phones are regularly left on trains and buses. GDPR requirement: Full-disk encryption on every portable device, so that the data on a lost device stays unreadable, plus management software that lets you remotely lock and wipe it.

Physical Loss – 7%

Cause: Hardware failure and accidentally deleted files. Under GDPR the accidental destruction or loss of personal data counts as a personal data breach, not only theft. GDPR requirement: Keep hardware healthy and replace it before it fails, keep backups that are tested by actually restoring from them, and train staff to reduce human error.

Other – 4%

Companies also lose data in other ways, including through a malicious insider. Cause: Someone within the company deliberately releasing, stealing or damaging company data. GDPR requirement: Access control limits what an insider can reach. Give each person access only to the data their role needs, remove access promptly when roles change or staff leave, and log access to business-critical data so that misuse can be detected.

*Although Hacking or Malware accounts for 57% of data loss incidents, it accounts for 91% of all records lost: a single network intrusion can expose far more records than a lost laptop or a mis-sent email.

Hacking and malware protection is therefore essential on any IT network.

The stress-free way to become GDPR compliant.

Do I need to purchase any products to become GDPR compliant?

  • Whether you need to buy additional lines of defence for your network, such as anti-malware or firewalls, depends on what you already have: GDPR names no specific products, but it does require measures appropriate to the risk.
  • The same applies to encryption: if portable devices and emails carrying personal data are already encrypted, no new purchase is needed; if they are not, encryption is the expected fix.


Potential fines for not being GDPR compliant range up to €20 million or 4% of worldwide annual turnover, whichever is higher. A lower tier of €10 million or 2% applies to lesser infringements.

Keywords and Phrases

The Governing Bodies

Each EU member state has a supervisory authority (the "governing body" in this page's terms) to enforce GDPR. Remember: at the time of writing the UK is an EU member, so for the purposes of GDPR the UK is included within the EU.

The Information Commissioner's Office (ICO) is the UK supervisory authority. It is the body a personal data breach must be reported to, within 72 hours of becoming aware of it where feasible, unless the breach is unlikely to result in a risk to individuals. It is also who will come asking for your Data Protection Officer, or other named contact, in the event of a breach.


Data Protection Officer

GDPR does not require every company to appoint a Data Protection Officer. Article 37 makes one mandatory for public authorities, for organisations whose core activities involve regular and systematic monitoring of individuals on a large scale, and for large-scale processing of special categories of data (such as health data) or criminal conviction data. Other organisations may appoint one voluntarily, and many do. Where a DPO is appointed, they must report directly to the highest level of management and be free of conflicts of interest, so the person who decides how IT security is run should not also be the DPO. The DPO advises on and monitors compliance, oversees data governance, and is the contact point for the ICO and for data subjects. Responsibility for the security measures themselves stays with the company: under the accountability principle it must be able to demonstrate that the measures it chose were appropriate, taking into account the state of the art, and it must document what it did to prevent a breach so that it can justify those choices if one happens.

State of the Art

When it comes to GDPR, the ICO realises that not every company can afford the biggest and best products on its network, and Article 32 itself says measures should be "appropriate to the risk", taking into account the state of the art and the cost of implementation. What the ICO does expect is that a company's network has functioning protective controls suited to the sensitivity and volume of the data held, and that those controls are kept patched, monitored and up to date. That is what "state of the art" means in practice.

Data Governance

Data Governance is a term that you will hear in conjunction with GDPR. Data Governance is the continuous process of knowing:

1. What personal data the company stores, and why it holds it
2. Where that data is stored, including cloud services such as Dropbox and Salesforce. Putting data in a cloud service does not transfer responsibility for it: the company remains the controller, and the provider is a processor with which it must have a written contract
3. What data the company no longer needs, so that it can be deleted (GDPR's storage limitation principle)
