We can hide from it but truth is the new General Data Protection Regulations (GDPR) are coming into effect on 25th May 2018, these new regulations affect the personal data that every business processes, further more the definition of Personal Data has changed.
What is the definition of Personal Data?
The GDPR changes the definition of personal data, it is fair to say that information you would previously not have classified as Personal Data will be under the GDPR.
Countdown to GDPR becoming active
No need to panic if you are not ready, there are no immediate fines,
but you should think about protecting your data and we are here to help.
What do you need to do?
This is different for every business but there is some common ground, the very first thing that you need to do is a DPIA (Data Protection Impact Assessment), in its simplist form this is a list of all the different types of personal data you process, why you process it, on what legal basis you process and how you protect and manage it, you may remember from a previous post we described the GDPR as a “risk based regulatory framework”, with that in mind you need to put policies and procedures into place to reduce your liability by reducing any potential damages to the rights and freedoms of any person.
Once you have your DPIA then you can question if you actually need the data and then minimise the personal data that you hold and protect it.
Security by design
GDPR states that security should be by design and with the current technologies available but without involving unrealistic costs, some of the security measures you can implement can be done very cost effectively, for example ‘Access Permissions’ only giving access to those that actually need access, another measure may be disk encryption, if enabling disk encryption then there are some specific guidelines from the NCSC (National Cyber Security Centre) which should be implemented, if you need assistance implementing protection then please get in contact.
Our Top Tip!
A Cyber Essentials Certificate is a great way for you to ensure and demonstrate that you have taken adequate security measures on your computers to keep them safe from Cyber Threats.