GDPR Compliance – Comply in Time
GDPR is intended to protect the personal data of everyone in the EU and to reshape the way organisations that handle such data approach privacy. Its requirements include, but are not limited to:
- Understanding what personal data an organisation handles and where that data resides.
- Performing risk assessments to gauge the organisation’s exposure to accidental or unlawful loss of that data.
- Implementing technical and organisational controls to protect personal data.
- Appointing a data protection officer (DPO) charged with overseeing GDPR compliance.
- Article 37 of the GDPR makes a DPO mandatory for all public authorities, and for organisations whose core activities involve large-scale regular monitoring of individuals or large-scale processing of special categories of data.
- A data protection impact assessment (Article 35) must be carried out before undertaking processing that is likely to result in a high risk to individuals.
- Processors, not only controllers, can be held liable for data breaches and fined.
- Organisations operating in several member states deal with a single lead supervisory authority (the “one-stop shop”).
- Data controllers must report personal data breaches to their supervisory authority, where feasible within 72 hours of becoming aware of them, unless the breach is unlikely to result in a risk to individuals.
GDPR and the Environment
Data disposal is a major part of the GDPR. Kingsfield are proud to offer a secure, GDPR compliant national collection service for all your redundant IT assets. Utilising an ADISA certified collection partner, we ensure complete data security for your peace of mind, as well as offering the most generous rebates on the market for your redundant machines; we tick all the boxes:
- Full custody transfer and documentation.
- Blancco data destruction.
- Security checked service representative.
- Online account access.
- Privacy/Data Protection.
- Data Disposal and Erasure.
In the UK, 51% of confidential data is stored on flash drives. If a flash drive is lost or stolen, the confidential data on it is at risk of falling into the wrong hands. The loss must be reported to the data protection officer, and unless there is evidence that the data was encrypted, it is a notifiable breach that can still attract a fine. Kingsfield can provide a Safe Console that lets you audit access to, lock and remove data from your managed drives, producing the record of protection needed to show that a lost drive did not expose personal data. It is the perfect paper trail, with no hassle or installation, and Kingsfield are there to help.
Minimising access to personal data to those with a legitimate need is another key part of GDPR. Accounts that can reach sensitive resources need strong authentication (strong passwords, ideally with a second factor), so that one guessed or stolen password cannot become a full-blown breach. Access policy management serves a vital function here: it protects user identities, ensures data is accessed only for legitimate purposes, and documents and controls user transactions so that they are appropriate to the user’s role. Finally, mobile devices and cloud applications create new access-control considerations: data must be protected wherever employees, customers and partners reach it.
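As an added illustration of the role-appropriate, least-privilege access described above (example code, not Kingsfield’s product or any code from this page), the following deny-by-default authoriser grants an action only when the user’s role explicitly permits it, requires a second factor for resources holding sensitive personal data, and records every decision so there is a paper trail for audit. The roles, resources and sample requests are invented for the example.

```python
"""Deny-by-default, role-based access check with an audit trail.

Added example for the access-control discussion above; not Kingsfield's
code. Roles, resources and requests are hypothetical.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Hypothetical policy: role -> {resource: set of permitted actions}.
# Anything not listed here is denied (least privilege).
POLICY = {
    "hr_officer": {"employee_records": {"read", "update"}},
    "payroll": {"employee_records": {"read"}, "salary_data": {"read", "update"}},
    "helpdesk": {"employee_records": {"read"}},
}

# Resources holding sensitive personal data require a verified second
# factor before any action, even a read.
MFA_REQUIRED = {"salary_data", "employee_records"}


@dataclass
class Request:
    user: str
    role: str
    resource: str
    action: str
    mfa_verified: bool


@dataclass
class Authoriser:
    audit_log: list = field(default_factory=list)

    def authorise(self, req: Request) -> bool:
        """Allow only if the role explicitly grants the action and any MFA
        requirement is met; every decision, allow or deny, is logged."""
        permitted = req.action in POLICY.get(req.role, {}).get(req.resource, set())
        if not permitted:
            reason = "no policy grant"
        elif req.resource in MFA_REQUIRED and not req.mfa_verified:
            permitted, reason = False, "mfa required"
        else:
            reason = "policy grant"
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": req.user, "role": req.role,
            "resource": req.resource, "action": req.action,
            "decision": "allow" if permitted else "deny",
            "reason": reason,
        })
        return permitted


def run_sample() -> tuple:
    """Constructed requests covering allow, missing grant, missing MFA and
    an unknown role. Returns (decisions, audit_log)."""
    auth = Authoriser()
    sample = [
        Request("alice", "hr_officer", "employee_records", "update", True),
        Request("bob", "helpdesk", "employee_records", "update", True),
        Request("carol", "payroll", "salary_data", "read", False),
        Request("dave", "contractor", "salary_data", "read", True),
    ]
    decisions = [auth.authorise(r) for r in sample]
    return decisions, auth.audit_log


if __name__ == "__main__":
    for entry in run_sample()[1]:
        print(entry)
```

The audit log is the part a regulator asks for: it shows who reached which personal data, in what role, and why a request was refused. Keeping it append-only and outside the reach of the users it records is what makes it evidence rather than a convenience.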
Proactive alerting and visibility into how your network is performing, and the threats affecting it, minimise network issues. Kingsfield can provide a monitoring system that tells you about a problem before it becomes an outage or an incident. It works by monitoring your systems, learning normal KPIs, traffic patterns and user behaviour, alerting you when those patterns are broken, and forecasting likely failures.
What to do When a Breach Occurs.
If a breach occurs, contact Kingsfield: we work proactively with organisations to ensure the situation is handled effectively and immediately. A strategy is defined, and the appropriate technology around that strategy ensures that proper incident management procedures are followed, the right stakeholders are alerted and actively involved, documentation is captured throughout the investigation, and remediation processes are followed so that the post-mortem can be reported properly. Remember that the supervisory authority must be notified within 72 hours of your becoming aware of the breach; the GDPR allows the notification to be supplemented in phases as the investigation proceeds (Article 33(4)), but the clock does not wait for the breach to be fully resolved.
Penalties under the GDPR
Organisations found in breach of the Regulation can expect administrative fines of up to €20 million or 4% of annual global turnover, whichever is higher, which can lead to insolvency, reputational damage and customer loss. Separately, national data protection law (in the UK, the Data Protection Act 2018) creates criminal offences for which individuals, including senior executives, can be prosecuted.