Is your business prepared for the introduction of General Data Protection Regulation (GDPR)?
The introduction of new legislation governing data protection and security
From 25th May 2018, new EU regulations come into force that govern data protection and security.
How organisations collect, store and protect PII (Personally Identifiable Information) in the UK is already subject to the Data Protection Act of 1998. However, if your business activities include controlling or processing personal data, next year’s regulations will increase your legal liability in the event of a security breach.
This means that if your systems’ security is inadequate and you are deemed responsible for the breach, you could receive a significant fine. It is vital, therefore, that you are prepared for GDPR and have proper network monitoring, backup and recovery measures in place to protect critical data.
Defining a data security breach
A lack of suitable security leaves weak points in your systems open to exploitation. Undetected or unaddressed vulnerabilities make it easy for an attacker to break in or for a virus to take hold, causing not just loss of data but also:
- unauthorised access
- unauthorised distribution
- unauthorised alteration
- corruption or destruction
Any personal data that you collect and store is incredibly valuable to cyber-criminals, and they go to ever more inventive lengths to gain access to it. Statistically, SMEs are more likely to be targeted, because they tend to overlook security issues through a lack of awareness or by treating limited budget and manpower as an excuse. As the new regulations will demand, this attitude can no longer continue.
Why detecting a breach is imperative
It may seem obvious, but if you do not know where the weakest points in your infrastructure are, you are making your enterprise more vulnerable to attack. If the worst happens and your systems are compromised, GDPR increases your level of responsibility, especially if an individual’s data has been affected. The types of loss affecting individuals include:
- loss of confidentiality
- damage to reputation
- risk of identity theft
- financial loss
- other types of social or economic harm (assessed on a case-by-case basis)
GDPR imposes a duty on the business responsible to report security breaches to the appropriate authority and/or the affected individual(s) within 30 days.
Failure to do so could result in a hefty fine of up to 4% of your turnover. Can your business afford that?
How to protect your critical data
There are some very simple steps that you can take immediately to remove much of the risk from a cyber-attack. These include changing your passwords, implementing URL filtering, running anti-virus and anti-malware software, installing operating system updates and patches regularly, and scheduling regular backups. Below are three further recommended steps to consider.
Superior network monitoring. This will not only identify weaknesses in your infrastructure but can also detect, identify and stop potential Internet-based threats. A further benefit is that it shows where improvements and efficiencies can be made to enhance your network’s performance.
Implement a data backup and recovery policy. Planning for the worst and applying secure data backup and recovery measures to your business operation can help you either to avoid disaster in the first place or to bounce back more or less immediately. Not only do you avoid downtime, but you also avoid damage to your brand and to customer confidence.
Seek professional help from an expert. At Kinetek, we have more than 20 years’ experience advising UK SMEs on data protection and security. We offer a first-class level of expertise in data backup and recovery and can advise on all areas of systems monitoring and security. We can visit you on site to assess your needs and offer a tailored level of service to suit your budget.
For more information on preparing your business for GDPR, call Kinetek on 01625 531413.