Does your business hold personal data about clients or customers? If so, then you need to start making preparations for the General Data Protection Regulation (GDPR) coming into force in May 2018. Noncompliance could result in your business being fined up to €10,000,000 (£8,7799,181) or 2% of your total worldwide annual turnover, whichever is higher.
What exactly is GDPR?
GDPR relates to data protection and many of the points contained in it are very similar to those in the current Data Protection Act (DPA). However, the three main issues highlighted by the GDPR are:
- Data protection standards established
- Data breach notification requirements
- Security failures
A key element to all these factors is appropriate protection for the personal data your business holds about your clients and customers. One way to help you meet these requirements is through encryption.
What is Encryption?
Encryption encodes data and information so unauthorised parties cannot read it. This safeguards people’s personal information and protects it from unlawful processing and misuse. There are two types of encryption;
- Encrypted storage which is used to protect disks, drives or devices.
- Encrypted content which applies to files or text, such as emails.
Encrypted storage is particularly important for remote workers who can access company documents away from the workplace on devices such as laptops. The devices can be locked away to keep them secure when not in use, however, there is a risk of theft or the laptop being lost when being used away from the office or at home. The data on the laptop can be encrypted so if it is lost or stolen then the information is protected against unauthorised access and misuse.
GDPR and Encryption
The GDPR expressly states that businesses must put in place processes to encrypt personal data and protect against data breaches. Under GDPR, if data is breached but this data was encrypted and rendered unusable then the business will not have to notify their clients of the breach. Encryption will not only protect your clients and customers data but it will also protect your business and ensure you comply with the GDPR regulations.
GDPR Considerations
Whilst GDPR does not come into effect until May next year (2018), it is very important to start putting processes in place now to ensure compliance. The Information Commissioner’s Office has put together 12 steps you should be taking now to prepare for GDPR which look at:
- Awareness
- Information you hold
- Communicating privacy information
- Individuals rights
- Subject access requests
- Lawful basis for processing personal data
- Consent
- Children
- Data breaches
- Data Protection by Design and Data Protection Impact Assessments
- Data Protection Officers
- International
How Woodstock IT Services Can Help Your Business
Nearly 80% of businesses are unprepared for GDPR according to a new survey conducted by independent analysts, the results of which ESET discuss here. The team at Woodstock IT Services can help your business become GDPR ready.
We can review your IT systems and hardware to establish what protection you require and then implement the necessary encryption for you. Whether you are using PCs, Macs, Tablets or Smartphones we can ensure these are protected and compliant so you are GDPR ready.
Our recommended encryption supplier is ESET who has been protecting our clients since 2013. ESET Endpoint Encryption uses a combination of public and private keys to make encryption as simple and powerful as possible and is a best in class product. When your systems and data are safe and secure, you are compliant and unlikely to receive a hefty fine should the worst happen.
To discuss your requirements and to gain peace of mind that your data is protected in the event of a breach, please call us on 01403 290321 or email [email protected].
