GDPR – What You Need to Do
We’ve already written some information to help you understand what GDPR actually is, but now we want to simplify what you need to do as a business.
Firstly, it’s important for you to understand that you might already be compliant. The ICO is not trying to make life as difficult as possible for you; it is putting into place a set of unified rules for businesses to protect data and to give individuals better control over their own personal data. You just need to make sure that you are doing the basics correctly and that you have the correct systems and procedures in place.
Manage, Control and Protect Your Data
GDPR applies to both personal data and sensitive personal data. If you either control or process personal information, GDPR applies to you. You must make sure that you have a process in place for managing all of this data:
- What data do you have?
- Where is the data stored?
- Who has access to this data?
- How will you respond to requests for personal data?
Make sure that you have a detailed process in place to answer the questions above, and make sure that your data is controlled, protected and managed correctly.
From 25th May 2018, you will have just 72 hours to report a data breach. If your data isn’t managed, how could you do this?
Ensure Best Practice
Part of GDPR compliance is to make sure that you have a process in place to ensure best practice. The fundamentals are detailed below:
- Implement a layered approach to security, i.e. an integrated technology strategy
- Encrypt your data
- Ensure you have a Next Gen Firewall or “UTM” style appliance to protect your network
- Protect all endpoints
- Analyse network traffic
- Use strong user authentication and identity management
- Ensure that you have email filtering and web filtering in place
- Patch everything as soon as possible: OS, desktops, applications, security software, etc.
- Design networks with permissions and hierarchy in mind (VLAN)
- Enforce password and authentication policies
- Educate and test users
- Secure your website against vulnerabilities and malware
- Have a good, comprehensive backup solution
- Implement a mobile device management solution
A lot of this is common sense. There are so many advanced threats out there and you need to make sure that the data you hold is fully protected.
Sophos Synchronized Security
We have looked at a range of solutions to help to simplify the GDPR process for businesses, and Sophos Synchronized Security stood out a mile. It is a best-of-breed security system that enables security solutions to talk to each other, sharing information and responding automatically to threats.
Ransomware, botnets, and other advanced attacks work their way through your whole security system. Point products can stop individual elements of these threats, but these products work in isolation, and don’t communicate with each other. In contrast, Synchronized Security allows best-of-breed products to actively work together to stop advanced attacks. By sharing security information and automating cross-system response, you enjoy faster, better protection – and simpler IT security management, saving time and effort.