The General Data Protection Regulation (GDPR) applies from 25th May 2018. The new rules replace the old Data Protection Directive and affect every business, wherever in the world it is based, that collects or processes data about people in the EU. As you may have heard, businesses that don’t comply with GDPR could face hefty fines of up to 4% of their worldwide annual turnover, or €20 million (whichever is greater). Scary stuff, huh?!
So what’s GDPR all about, then? Well in a nutshell, it’s designed to give consumers more protection and increased privacy around the information companies hold about them. People will have more rights over the type of data that’s collected (names, email addresses, dates of birth and so on) and how it is used.
Under one of the more controversial elements, the right to data portability, people can even ask you to hand over the personal data they’ve given you in a machine-readable format so it can be transferred to another provider, effectively giving them carte blanche to take their custom to your competitors. Eek!
The eight data protection principles you may already know from the Data Protection Act carry over into GDPR in much the same form (GDPR also adds an accountability principle: you must be able to demonstrate that you comply, not just comply). You must make sure the personal info you store and collect is:
- Treated fairly and in line with the law
- Obtained and used only for the purposes you specify
- Adequate, relevant and not excessive (e.g. why hold someone’s date of birth if you don’t do age-based marketing?)
- Accurate and up to date
- Not kept for longer than necessary (and deleted when someone validly asks you to erase it)
- Processed in line with consumer rights
- Held with appropriate levels of data security
- Not transferred abroad without ensuring adequate legal protection.
If your business suffers a personal data breach, you’re legally obliged to report it to the Information Commissioner’s Office within 72 hours of becoming aware of it (unless it’s unlikely to put people at risk), and to tell the affected individuals without undue delay where the risk to them is high. And as noted above, a breach can also result in an eyewatering fine. So, rather than sitting around and waiting for 25th May to come around, we recommend you act NOW!
Here at RoundWorks, we can help get your data storage and IT security systems up to scratch, so your computer networks and data are well-protected and there’s less chance of a breach. Here are some of the systems and processes we can put in place to make sure your business complies with GDPR and keeps hackers and cyber thieves at bay.
Under GDPR (Article 32), you must be able to restore access to personal data promptly after a physical or technical incident, and regularly test that your security measures actually work. In practice that means a disaster recovery plan that you rehearse, not one that sits in a drawer. We can help you implement this, so your business is prepared for the worst and can keep on trading without serious disruption or data loss. Typically, we can get your business back online within a few hours of disaster striking. Regular backup and disaster recovery testing is included as part of your two FREE annual IT audits when you choose our Managed IT Support service.
We work with leading backup and recovery vendors including Storagecraft, Veeam and Acronis to offer a choice of solutions that we can tailor to your individual needs. Your backups can be stored onsite or in the cloud, or a mixture of both. We can back up your data continuously, so you’ll be able to recover the very latest version of each file. We can also enable encryption of your backups: GDPR names encryption as an appropriate safeguard for personal data, and if an encrypted backup is lost or stolen you may not have to notify the affected individuals.
If you’re using a free or consumer-grade anti-virus product, you need to sort this out sharpish. Products aimed at home users aren’t just inadequate for protecting a business (they typically lack the central management and reporting you need to see what’s going on across all your machines); in most cases you’re also breaching their licence terms by using them commercially.
Ask RoundWorks to manage your anti-virus instead. We have access to a range of enterprise-level services, with solutions available to suit any size or type of business. It’s so important for you to have the right level of security in place – and you can trust us to make this happen at an affordable price.
Your routers and computers will doubtless have built-in firewalls, but these probably aren’t enough to keep the (cyber) wolves from the door. Depending on your requirements, we can put sophisticated network security measures in place that keep unwanted traffic out of your infrastructure, dramatically reducing the chances of a security breach.
These include content filtering (see below), intrusion detection and threat prevention systems, virtual private networks and bespoke application controls that limit your users to only the programs they need to do their jobs. Cyber security partners we work with include Watchguard, Webroot SecureAnywhere and AppRiver.
It stands to reason that your wireless networks need to be properly secured if you’re to prevent unauthorised access that could lead to hacking and data theft. Our expert engineers can put a robust system in place with business-grade access points. Features include a dedicated security radio that continuously monitors the airwaves for rogue access points, interference and attacks, rather than relying on the radios that are busy serving your users.
To keep your main network private, we recommend you set up a separate guest network for visitors, sub-contractors, clients and so on. Put it on its own VLAN with no route to your internal systems (and, ideally, with client isolation turned on), so non-employees get internet access and nothing else. This keeps them away from your main business network, helping maintain its security and integrity.
Do you know what your staff are getting up to online when your back’s turned? OK, they might not be accessing anything unethical or illegal (at least we hope not!), but plenty of sites serve malware that can infect a visitor’s machine, and from there your network, without anyone noticing.
Managed web filtering helps stop this by blocking access to known-malicious or otherwise ‘problem’ sites that could pose a threat to your business. Where a blocked site is genuinely needed and you’re confident it can be trusted, you can allow it for the people who need it; otherwise access is denied altogether.
Most virus and malware infections don’t just happen by themselves. In most cases they’re a direct result of someone opening an attachment or clicking a link in a malicious email. A single click by an unthinking staff member can be enough to bring down your entire network.
Of course, training and awareness-raising play a big part in preventing this kind of cyber attack. But you also need to make sure these malicious emails and other spam don’t reach your inbox in the first place. Powered by AppRiver, our email spam filtering system provides 99% protection against spam and viruses in real time.
It even offers continuity for onsite Exchange servers. If your internet connection or your Exchange server goes down, AppRiver queues your incoming email and delivers it once everything’s back up and running. So you don’t lose any emails, and you don’t lose face, either.
Other things to consider
Getting your data and IT security ducks in a row is just one aspect of GDPR. There are other things to consider too, such as appointing a Data Protection Officer (DPO) where GDPR requires one; auditing the data you hold to see what you actually need; enforcing strong password policies; and updating your privacy notices so customers know what data you hold about them and why.
Luckily, there’s lots of information online, or you could book onto a training workshop or seminar to help your business prepare effectively for GDPR.
And finally…some good news
GDPR might sound like a lot of hassle, especially if you’re a small business with limited time and resources. But there are some benefits to compliance – like showing your customers you’re a trustworthy organisation that takes care to protect their privacy and personal information. So it’s not all bad, is it?
Ask RoundWorks to help with GDPR today
Contact us today to discuss how we can help you comply with GDPR in good time for the launch date. We’ll arrange a visit from an expert engineer to audit your existing IT systems and recommend the changes and upgrades you’ll need to make to meet your obligations.