Our June blog post looked at what a business needs to do in the run-up to the implementation of the new General Data Protection Regulation (GDPR), and the past few months have raised some interesting issues, one of which is the impact on cybersecurity. With a six-part blog series on our website that looks at the importance of keeping sensitive information secure (both on and offline), and a general interest in cybersecurity, we feel the fact that GDPR could have a positive impact on a business’s cybersecurity could well be an unexpected benefit of this legislation. So we thought we’d take a look at how GDPR can help a business filter through what exactly constitutes personal data and how security processes can be tightened up.
There are many lists out there of what exactly constitutes sensitive personal data, but the easiest way to think of it is as a piece of information about a person that can be used, either on its own or in conjunction with another piece of information, to identify that person. In the years before social media (remember those?) this could have been a date of birth, passwords and PIN numbers; however, with internet giants now holding vast swathes of personal data, the new legislation has been expanded to include emails, IP addresses and location details alongside any details of physical characteristics such as race, gender and age. Using GDPR as an opportunity to filter through all the data your business holds will help you gain control of the data and subsequently understand the risks and plan accordingly.
In 2017 we gained ISO 27001 accreditation, the international gold standard when it comes to information security management and a clear demonstration to our clients that we value and protect their personal data. While undertaking the process, we found the required gap analysis to be one of the most useful tools for identifying any possible security breaches and allowing us to develop and implement processes to ensure all the data we hold is adequately guarded. Even if you are not planning to gain this particular ISO for your business, a gap analysis can be a useful tool that could help you gain GDPR compliance by the May 2018 deadline.
While some cybersecurity experts have voiced their concerns that businesses will refrain from using cloud-based software as a result of GDPR, others see the new legislation as an opportunity to throw out outdated legacy practices and introduce new best practices, with clearly defined processes and measures. Getting a professional in to assess what software you have in place and make recommendations is essential to ensure any online practices are fully protected.
With eight clear months until GDPR becomes law in May 2018, there is still time to make sure your business is compliant and avoid possible fines. We’ll be putting together another blog on this topic in January 2018; with only five months to go by then, we’re sure to have some good tips on making sure you are compliant in time.