What’s expected of your business under GDPR?
Businesses will now need to become more considerate and must facilitate the rights of an EU citizen. This will mean that as a business you must have in place the appropriate processes to deal with data requests efficiently. As if a 30-day deadline passes without the request being completed you will be in breach of GDPR and may face a penalty from the ICO.
Best practice for business will to be to begin embedding systems and practices into their business now to ensure that they can cope with the new regulatory conditions that data subjects may impose on them through use of GDPR rights.
Another best practice for businesses will be to invest in staff training to ensure that staff are able to deal with any requests regarding information promptly. It would also be useful for your business to train them on how they can be GDPR compliant. The business will ultimately be at fault as opposed to an individual within the organisation should a breach of regulation occur.
This will also help your staff to know what to do in the event of cyber-attack and how best to
deal with it. The higher risk data that a business holds the higher the fine that they can face. So, having staff that are able to deal with issues quickly and abide by the correct protocols will mean that the business is looked at by the ICO in a more favourable way than if you don’t know how to respond to a data breach.
The six key principles
There are six key principles that businesses must remember for data that will help you
to improve your businesses GDPR compliance. The principles are as follows;
- Data must be processed lawfully, fairly and in a transparent manner,
- Data must be collected for specified, explicit and legitimate purposes,
- Data must be adequate, relevant, and limited to what is necessary,
- Data must be accurate and, where necessary, kept up to date,
- Data must be retained only for as long as necessary,
- Data must be processed in an appropriate manner to maintain security.
A business that uses these six principles and understands the rights of EU data subjects won’t go too far wrong with GDPR and should avoid any major breaches in GDPR from a data subjects point of view.
You can protect against GDPR penalties. Find out how here.
It is important that a business understands what data is so they can identify what data they hold and the importance to protect it. Data is the facts and statistics gathered that can be then analysed/used to create information.
Data can vary in its type as it can be paper based or digital, as a business it is important that both are kept safe. Many businesses now look towards keeping data digitally as it is easier to manage access and protect. a digital format also comes with a higher risk as it could be accessed by an outside party and used maliciously. Many businesses are exposed to the risk of hacking for data theft and ransomware attacks. However, more traditional methods of data storage also apply to GDPR, so it is important that your business understands where it’s data is stored.
Types of data
There are several types of this that a business may hold. Personally, identifiable data (including; names, addresses, dates of birth), private data (including; driving licence numbers, passport numbers), and confidential data (including; bank details, credit/debit card numbers, and medical information).
How to protect it?
Data that is stored digitally should have restricted accesses so as users can only access the data that they need and restrict permissions on the most important data. This will improve the security of your data however you should also have anti-virus software installed so as any malicious malware is blocked from accessing your data. You should also have a cloud back up for your data that will mean that you have more than one copy of your data so should you have it stolen or break then you have access to it and can continue working. Have a locked network that requires a password to access, it is common that data is stored on a network that allows people to have access to it from various locations however it is important that your network is secured to prevent it becoming easy for hackers to steal your data.
Read more on data and GDPR
Security isn’t just a physical presence anymore in order for an individual or business to remain safe they will need virtual security to protect their systems. As data once fallen into the wrong hands can become extremely damaging. From a business’s point of view, it is more important than ever to be able to keep your data secure. Not only are you responsible for your own data but the data of clients and employee’s.
Cyber security is important to understand as it can often be the difference between a data breach and not. Which in turn is the difference between damage to the business and not, with both financial and reputational damage at risk.
Cyber security is not normally high on the list of considerations for a business when they are looking at their risks. A lot of business’s over look cyber security as it has never previously been an issue. This is where they can be caught out. A business is more at risk in today’s world than ever before especially online. Now people are able to break into a network steal data and use it fraudulently without getting out of bed. The best ways for a business to protect themselves would be to employ a cyber security specialist but that would be unrealistic. So, we have put together a list of aspects to check in order to improve your online security. It also happens that Cyber insurers consider these aspects when calculating a premium.
Passwords; Are your passwords changed regularly? Are the passwords considered strong?
Restricted access; Do people only have access the data they need to complete their work?
Closed network; Can you only access the network from a certain location on a certain device or can you access the network anywhere?
Cloud usage; If you use a cloud server to store data what software protection does it have? and is the server private or shared?
Data relevance; Is the data that you store still useful? Do you delete data that you are no longer required to keep?
Read more of our Cyber Checklist