Compliance and security are important for any organisation, but in 2018 we will see some key changes that require any organisation handling personal data to adhere to new regulations.
GDPR, or the General Data Protection Regulation, will come into force on the 25th May 2018, and will have implications for all organisations that hold data of any type or format on EU citizens. Businesses not in compliance from the enforcement date can be fined up to 4% of their annual turnover depending on the severity of the infringement. GDPR will have different implications for different organisations and is just as much about process as it is about technology.
As all organisations are different, GDPR and security in general should be approached on a bespoke basis, to ensure that the controls in place are right for the types of activity which happen on a daily basis.
Other non-regulatory compliance requirements such as the ISO (27001/27002) standards may be integrated into your organisation, which may have already laid the groundwork for GDPR. On the flip side of that, GDPR offers a good starting point for some of the ISO standards if they are on your roadmap moving forward.
We have a few ways in which we can support your organisation moving forward:
- Understand your data-protection obligations through internal audits and reviews. Here the flow of data in your organisation is mapped by understanding the systems you use.
- Identify vulnerabilities in practice, process or technology. This is where the bespoke element comes in, as daily tasks, process and systems vary from organisation to organisation.
- Meet regulatory obligations by using the correct processes and technology. To meet the minimum of regulatory obligations, some changes to process and technology may be required.
- Risk mitigation is the first step to good security practice, and will reduce the chances of a data breach in the first place. This is achieved by securing both your company network(s) and devices with security hardware and software rich in function and analytics.
- Control the devices you use centrally and securely to protect both the devices and the data on them by enabling controls such as remote-wipe and location. Here we introduce services which simplify the initial roll-out and updating of devices, reducing the cost of IT, and include greater visibility for audit trails.
- Save money on the compliance and security overhead by achieving greater operational efficiency and technology consolidation.
- Layers of protection are intrinsic to risk mitigation. Services run in the cloud, on your organisational network(s) and on your devices, offering the most comprehensive of security solutions.
- Location shouldn’t be a deciding factor in whether a device is protected against threats or not, whether you’re working from the office, home, or on a public network.
- Resilience to threats of direct attacks on your organisation, as well as redundancy in key equipment and services, keeps your organisation running. Intelligent networks can automatically quarantine devices on your network that pose a threat, and are constantly updated with the latest threats via an integrated intrusion detection and prevention (IDS/IPS) engine.
If you’d like to know more on this topic, please get in touch.