How Organisations Can Prevent Data Breaches & Meet GDPR Compliance

26/06/17 Wavenet
How Organisations Can Prevent Data Breaches & Meet GDPR Compliance placeholder thumbnail

On the 25th of May 2018, every organisation which is involved in the handling of personal data will enter a new world full of major challenges. Despite a vast amount of content already written on the subject and the fact that the acronym GDPR (standing for General Data Protection Regulation) has become the latest buzzword in our offices, a recent IDC report found that 40% of organisations are only just getting started and 17% still have no plans or strategy in place. With less than a year left until the GDPR comes into effect, we are here to talk about a solution which will add strength and value to your compliance strategy.

Security Standards

It is important to note that meeting the security standards is not just about technology solutions, it is also about the people within your company and the processes which everyone need to be aligned to. This involves training and plenty of communication to ensure your employees are aware of their responsibilities.

Before we get started, let’s establish exactly what the EU General Data Protection Regulation is and why you should bother to pay it any attention at all.

GDPR

 

The GDPR was approved and adopted by the EU Parliament in April 2016 and the UK government has confirmed that the regulation will take effect regardless of Brexit. This is the most significant privacy regulation update in the past 20 years, period. With the increasing number of organisations operating across borders on an international level, it is crucial to have consistent laws and regulations around data protection in place. Therefore, the regulation doesn’t apply only to organisations located within the EU but to any company that handles, stores or processes personal data and information on EU citizens.

 

Non-compliance

 

The consequences of a GDPR non-compliance will be much more severe than the penalties introduced by the Data Protection Act (DPA). The maximum fine that can be imposed for very serious infringements is up to 4% of the annual global turnover or 20 million Euro, whichever is greater. The new law also requires that notifiable breaches have to be reported to the relevant authorities within 72 hours of the company becoming aware of it. Failing to notify about a breach in this time frame can result in a significant fine of up to 2% of the global annual turnover (or 10 million Euro).

 

Encryption and Restrictions

 

Besides the encryption of personal data, the regulation requires the restriction of access to personal data. Your system is as safe as your weakest link, and we know that privileged users are the most common culprits for misuse in any organisation. No matter how well you try to protect your organisation, a breach is extremely likely to happen at some point, therefore the key is to understand how to detect breaches in real time and prevent them from happening.

 

Dedicated Solutions

 

Dedicated solutions for managing privileged users and sensitive information ensure the strongest level of security for those who have the highest level of data access and editing powers. Therefore, controllers and processors should have some level of user authorisation and a monitoring process. Companies will need to protect data in the same way that they protect critical infrastructure assets, requiring users with access to personal data to be monitored.

 

 

Security & Compliance, Articles

Latest blogs

See all posts
Portrait shot of young woman standing outside with tree seedling in pot and smiling cheerfully.
Taking on the Green Challenge this Environmental Awareness Month!

This month, our focus is on how small, sustainable changes can make a big impact on our planet. As part of the Green Challenge, we are inviting all colleagues to take a personal pledge to adopt more eco-friendly practices. Every little change counts, and together, they can make a significant difference.

Read more
A smiling young woman works on her laptop at home, surrounded by lush plants and a small wind turbine.
Small Changes, Big Impact

This September, We're Celebrating Environmental Awareness Month. This September, to celebrate Environmental Awareness Month, we will embark on a journey to inspire more sustainable living and environmental stewardship among our colleagues. Here’s a look at the impactful initiatives we will introduce internally:

Read more
Person using mobile phone and a laptop.
How businesses can use Microsoft Intune to protect their endpoints

At a time when IT teams are dealing with increasingly complex challenges - from protecting their infrastructure against known and emerging cyber threats to managing the IT needs of a growing number of hybrid and remote workers - having little to no management of the volume of user applications and devices, at scale, poses a problem for organisations. One that – without an effective solution – could dominate IT workloads and leave them unable to focus on providing strategic and business critical IT support.

Read more

Stay service-savvy

Get all the latest news and insights straight to your inbox.