Mn-Fr (9.00 am - 5.00 pm)
0800 987 4111
GDPR & Data Audits

GDPR & Data Audits

August 12, 2019  Like By 0 Comments

Prevention is better than cure.

In an age where profile hacks and data breaches are becoming increasingly commonplace, the importance of IT security is at an all time high. Having a robust security solution in place is a crucial element of any modern organisation, Servnet has both the expertise and service portfolio to assist you in establishing a secure environment that will help protect your organisation.

The General Data Protection Regulation (GDPR) is the biggest change in data protection laws for 20 years. It’s intended to give European citizens control over their personal data.

What’s GDPR again?
It is a new set of rules governing the privacy and security of personal data laid down by the European Commission.

What is the point of the new laws?
They have been designed to give power back to citizens over how their data is processed and used.

Under the new rules, individuals have “the right to be forgotten”, meaning they will be able to request that businesses delete their no longer necessary or accurate personal data.

Plus, the intention is to simplify the regulatory environment.

How will this impact individuals?
As well as the right to be forgotten, the law holds provisions that could potentially increase consumers’ rights over their data.

There is the potential for individuals to transfer their data from one service to another more easily — which is great news for consumers, making it simpler to swap utilities, insurance or ISPs.

How will this impact my business?

This shake-up of data protection laws is all well and good for individuals, but it could mean huge fines for businesses that don’t comply with the laws.
This is because data breaches have become increasingly common in recent years. However, giving citizens back control of their complex personal data is not necessarily easy. Plus working out how to give it back to them and how to ensure it is stored adequately throughout employment and then deleted securely is a bit of a technical and HR minefield.

How much will it cost?
The biggest change to the law is the increase in the amount of money regulators can fine companies who do not comply — up to 4% of their global turnover or 20 million Euros, whichever is greater.

What should businesses be aware of?
The Information Commissioner’s Office in the UK recommends that companies review privacy notices and ensure there is a plan in place that allows them to make any necessary changes to be in compliance with GDPR.

The ICO insists the new measures will contain many of the same principles and concepts as the current Data Protection Act.

Which means the companies already successfully abiding by the 1995 legislation will probably be covered.

With GDPR it’s never been more important to protect the data you hold on staff, clients and customers. That means all data! Payment information has an obvious value, but if passwords and secret answers are based on personal information the result of a hack could ultimately be financial loss either way.

What is a good data audit?
A good data audit should answer the following key questions:

● What data do you hold and why?
● How do you collect the data?
● How and where is the data stored
● What do you do with the data?
● Who owns and controls the personal data?
● Retention and deletion
● Who is responsible for the data and processors associated with data?
● Do you have adequate technology / process to adequately manage data processing?

The above information should be well documented and reviewed whenever there is a change made to how you handle personal data. You should be able to create a data flow document that details how personal data enters, is processed and stored and exits your organisation. This should include data that is being hosted both inside and outside of your organisation if you control it.

Once you have identified what historic you can keep and need to keep and a strategy for collecting data moving forward you need to ensure your technology is able to do what you need to do. Some key things include being able to deal, remove data, store the permission given at the point of collection (including wording as well as time, date etc.) You should also
document your justification for collecting, processing and storing the data and which of the six legal bases you are using to process the data.

Remember: you could be using different legal bases for different types of data.

The six legal bases for processing data are:

● Consent
● Legitimate Interest
● Contract
● Legal obligation
● Public interest
● Vital interest of data subject

GDPR places greater emphasis on the documents that data controllers must keep to demonstrate their accountability and the data audit should form part of a full IT governance review to ensure that your organisation is GDPR compliant.

What can Servnet do to help?
From enterprise-level threat and vulnerability assessments, to infrastructure testing and advanced anti-malware/anti-virus email protection and encryption, we can help to ensure your customers are GDPR-ready.

No matter how big an organisation is, security must be unified across the whole workforce, because one error or lapse of judgement can bring a whole enterprise to its knees. Our Security & Compliance solutions have been created to prevent that from happening.

Security is currently the number one priority for the majority of businesses, let Servnet keep you ahead of potential threats with our Security & Compliance solutions.

Services we provide- Security & Compliance:
● Vulnerability Assessment
● Cyber-Security Threat Detection and Vulnerability Assessment
● Penetration Testing
● GDPR — Portal Assessment
● GDPR Professional Services
● Virtual Data Protection Officer
● Phishing Awareness
● Cyber Essentials Assurance & Compliance

Don’t hesitate to get in touch if you want to know more

Don’t hesitate to get in touch if you want to know more

Related Posts