Are you General Data Protection Regulation (GDPR) ready?

July 26, 2017

Almost every day we hear about losses of personal data, whether through a malicious attack or an accidental disclosure. The cost to the organisation involved, in reputational damage, regulatory fines, a reduced share price or lost income, can soon mount up. Businesses, law enforcement, the European Union (EU) and the UK Government are now focusing on effective cyber security risk mitigation as never before.


The challenge

In May 2016 the EU adopted the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), born of a need to harmonise data protection law across the European member states by replacing the now archaic 1995 Data Protection Directive (DPD, Directive 95/46/EC), a set of rules drafted at the onset of the internet era, long before cloud services and smartphones. Unlike the Directive, which each member state transposed into its own national law, the Regulation applies directly in every member state.

Organisations have been given a two-year lead-in period to become compliant, ending on 25 May 2018, when the Regulation starts to apply. GDPR sets stringent requirements for the protection of personal data, and especially of the special categories of sensitive data (for example health, biometric or political data), while giving organisations that do business in the EU a single, more predictable set of rules. It also gives EU residents stronger data protection rights. Failure to comply can result in fines of up to 4% of global annual turnover or €20 million, whichever is higher. Even so, according to a recent survey, only half of UK IT decision-makers are aware of GDPR at all, never mind how it will affect their business.


AND DON’T FORGET:

GDPR does not simply apply to businesses established in the EU. It also applies to organisations anywhere in the world that offer goods or services to individuals in the EU, or that monitor their behaviour, regardless of where the data is processed or whether any payment is involved.


Take our self-assessment – are you GDPR ready?

The following questions will help you determine whether your organisation is prepared in the key areas required for GDPR compliance. Answer them for your own organisation and for any contracted suppliers (processors) who may come into contact with your data and information, since you remain accountable for what they do with it.

  1. Are key stakeholders in your organisation aware of the changes GDPR brings and their implications for your business?
  2. Does your organisation have a designated Data Protection Officer (DPO), or someone with specific responsibility for data and information privacy? (A DPO is mandatory for public authorities and for organisations whose core activities involve large-scale monitoring of individuals or large-scale processing of sensitive data.)
  3. Do you know, and have you documented, the types of information held across your business, their relative importance and sensitivity, and how the information is being used?
  4. Does your organisation collect, process and/or store data about children, and if so, have the GDPR implications been identified, assessed and documented, with appropriate remediation plans defined?
  5. Has your organisation carried out an assessment to identify the system and control changes that may be required as a result of GDPR?
  6. Does your organisation have a process to identify and implement appropriate security controls and architecture requirements during the development of new systems (privacy by design and by default)?
  7. Does your organisation have a process to identify when a Data Protection Impact Assessment (DPIA) is required, and to complete it before the processing begins?
  8. Does your organisation understand where its data and information is held, how it is processed and which controls apply, particularly for cloud computing, third-party suppliers and partners, and transfers to foreign jurisdictions?
  9. Have you revised your organisation's (security) incident reporting plans and processes to cover the identification, management, investigation and reporting of personal data breaches, including notifying the supervisory authority within 72 hours of becoming aware of a breach where required?

If you have answered 'no' or 'don't know' to more than one of these questions, you may need help implementing the processes and procedures that will prepare your organisation for GDPR coming into force.


How can NAS help?

GDPR is a key business driver for putting effective cyber security controls in place. NAS can support you in planning for, implementing and managing GDPR compliance by recommending and introducing the most appropriate and cost-effective solutions from our privacy and data security partners. One such partner is EgoSecure Data Protection, whose solution portfolio addresses the most important data protection issues at the endpoint and is aligned with the requirements of GDPR.

If you would like to learn more, or to take advantage of our free trial evaluation software, please contact us at sales@nas.uk.com or call us on 01491 821640 to speak with an advisor.