If you work in IT, HR or Operations in pretty much any capacity, there’s a good chance you’re already fed up with the words in the headline. Along with the ubiquitous ‘cyber-attacks and data breaches’, data protection and data compliance are currently very topical issues.
But what does it mean to your business? In AVR’s role as trusted IT security and mobility solution advisers, we offer these six key steps to help point you in the right direction.
The forthcoming General Data Protection Regulations (GDPR) will come into law in early 2018 across the EU. There is much in the news about the scope of the regulations and the possible penalties for not meeting the data compliance regulations.
If you are starting to think about it now, and you should be as it will take you time to get your processes in place, here are our useful tips:
- Locate your data
You will need to identify the locations of all your company data. Places such as databases are obvious, but what about email archives, CRM systems, sharepoint, cloud storage, individual folders on colleagues’ devices and portable hard drives? You will need to create a comprehensive data map and work with others in the organisation to understand where and how they store data.
- Appoint a Data Manager
The GDPR regulations require public organisations or those with 250 or more employees to appoint a Data Protection Officer (DPO). The DPO will be responsible for ensuring that all of the required obligations are being met. For smaller organisations, a DPO would also be a valuable resource, helping to manage and monitor your data going forward and to make your processes operational.
- Establish policies
The regulations provide guidance on the range of policies and processes that will be required. These will include how you handle, manage and destroy data, who looks after data in the organisation, how you manage data with suppliers and third parties, maintaining a current list of data related assets in the organisation, a log management programme to identify data breaches or incidents, revised customer terms and conditions and more.
- Preventing Data Leakage
So now you’ve found all your data and established management and policies, how are you going to prevent data incidents or leakage? There are a range of very effective software solutions that can track, monitor, identify, isolate and remediate attacks. Some software can do this automatically; others have sophisticated dashboards that will monitor on a real-time basis. What you need will depend on the structure of your organisation, the systems you already have in place and how you see the business developing. One size sadly does not fit all, so you need to carefully evaluate your requirements.
- Get a data audit
This relates to point 4. Getting a data audit completed by a reputable security software vendor will not only help you to spot the vulnerabilities in your system, it will help you identify the best solutions. This will also provide reassurance to your employees, suppliers and customers that you have conducted an audit, which will help the reputation and credibility of your business
- Speak to AVR
Ideally we would like you to speak to AVR, but other software vendors are available! AVR is an independent, well established company with close relationships with the leading security and mobility software vendors. AVR is trusted by over 400 customers with their IT security and mobility processes. This can be a complex market and our job is to help protect business and provide a competitive edge. AVR’s advice is free and without obligation.
For further help and information, visit www.avr.co.uk or call 01189 344 300