November 1, 2017 | News
With only a few months to go until the GDPR becomes law, businesses should now be carrying out an internal gap analysis of current cyber security practices as compared to GDPR requirements.
What is it?
The EU’s General Data Protection Regulation (GDPR) is a set of laws intended to ensure that companies are securing the data on their IT Networks.
It will enter into force on the 25th of May 2018.
GDPR will be a game changer in how businesses collect, store and protect data given the significant fines being introduced for non-compliance. It is stated that fines will be up to 20 million Euros or 4% of annual worldwide turnover – whichever is higher.
These huge fines are most relevant to large multi-nationals; however, GDPR does apply to even the smallest of EU businesses.
What does my business need to do?
1. From a technical perspective, every business will need to install a satisfactory level of IT Security infrastructure into their network to be compliant with GDPR laws.
Some technology which may be used to strengthen your network:
- Encryption products – Through encryption, documents are locked and so will appear as gobbledegook unless opened with the correct ‘key.’ Only those with your encryption key can access your data.
It is possible to add products to your network which will encrypt your files for you and allow you to manage your encryption keys. Some programs – such as Office 365 – will have encryption functionality already built in which will simply need to be switched on and configured.
- Anti-malware protection – These products protect your network from data breaches. You will need to prove to GDPR authorities that these layers are present within your network.
Some examples of malware protection include:
- Ransomware Protection
- Firewalls – Firewalls sit around the perimeter of your network and stop undesirables from getting in.
2. From a staffing perspective, companies are required to implement data protection procedures internally.
Whether or not your network needs strengthening can be calculated by IT experts.
When do I need to be compliant by?
May 25th 2018.
This is when the rules can officially be enforced and when the fines can be handed out.
Contact Pinnacle’s IT Services team to discuss GDPR!