We are now only six months away from the new GDPR legislation coming into force and we wanted to take this opportunity to provide some key information to assist with your preparations for these new regulations.
So, what is the GDPR?
The GDPR, or the EU General Data Protection Regulation, is a new law that is designed to strengthen the privacy and protect data for the citizens of the 28 EU countries, it affects ALL organisations that collect and store personally identifiable data on EU citizens (i.e. health data, email addresses, photographs, biometrics, social security/national identity numbers etc).
The GDPR was passed as law in the European parliament last year, and enforcement of the regulation will start on the 25th May 2018. One of the main purposes of the GDPR is to give authorities greater powers, to take action against businesses that fall foul of the new laws. For example by losing data, or not following the data protection requirements.
What are the key areas you need to focus on to show you have taken reasonable action to prevent data loss?
• Policy – Ensure that there are appropriate policies and procedures in place for handling data within your company
• Certification – apply for certification from approved bodies such as Cyber Essentials. Cyber Essentials is a new Government-backed and industry supported scheme to assist businesses in protecting themselves against cyber threats. Minerva are accredited partners and can apply for Cyber Essentials on your behalf.
• Technological Improvements – ensuring the hardware and software used to store and protect your data is properly installed and has been tested to ensure that it is resilient to attacks and breaches.
• Regular Checks – regularly testing systems, revisiting policies and procedures to ensure that data is not being stored where it isn’t needed, that data is secure and appropriately handled.
How can Minerva help?
First up, talk to us: we believe that a meeting to discuss the ways in which Minerva can assist you would be a great starting point in your preparations for the new GDPR legislation.
We are offering a Security Review service. This is delivered by one of our infrastructure and security consultants. We work through a review process to identify data security issues and system vulnerabilities and recommend appropriate corrective actions. It is an interactive process of review with you and your staff with an aim to put the solutions in place to achieve Cyber Essentials Certification.
If you would like to book a meeting to discuss this further, or require an outline quotation for our Security Review service with Cyber Essentials Certification, then please contact us on 01707 607100.