Four ways to make your business GDPR-ready
Do you know what data your business holds, and how and where it’s being stored?
From viewable documents on PC screens to USB sticks to how documents are printed, the ways that people keep and use data on behalf of their employers is coming under the spotlight, and this will only increase as new legislation comes into effect from May 2018.
The arrival of the General Data Protection Regulation next year will make the loss or theft of personal data related to EU citizens an extremely expensive error for any affected organisation.
From May 2018 the loss or theft of this data may lead to a fine of up to 20 million Euros or 4% of annual global turnover, whichever is the greater.
No matter what type of business you run, or where you’re based in the world, if you hold EU citizens’ data, now is the time to ask questions about how your organisation and its employees are protecting this information.
Understanding the requirements of the GDPR is all-important. This will determine how businesses manage, protect and administer data. Your business will need to have procedures in place for data processing activities and ensure all your IT systems are robust. Anyone with responsibility for data will be expected to handle that data in line with the GDPR.
The GDPR regards personal data as any that can identify an individual, whether this is genetic, mental, cultural, economic or social information. This could include social media profiles or photography of individuals.
Four essential steps to improving your data security:
1. Organise training
End user behaviour is all-important in the context of security. Individuals who handle data, in any form, need to use devices and paperwork safely. It will become vital that everyone keeps data secure and doesn’t leave printed materials or un-secured devices anywhere these could be seen or taken by non-approved parties.
2. Ensure secure destruction
Secure destruction of sensitive paperwork, once it’s no longer useful or a legal requirement, matters more than ever. Cross cut shredders that can shred A4 sheets into thousands of pieces should be in use in every office, or even desk side in areas such as finance, legal and HR.
3. Review printer network
Many printers do much more than print. They can scan, send and store potentially sensitive information. While this helps to streamline business processes and increase productivity, these features can make an organisation’s data vulnerable. Any printer fleet that’s connected to a network should be protected in the same way as other PCs and devices.
Printing and imaging devices store user credentials and other sensitive data such as stored print jobs. If these are not encrypted or regularly erased there is the chance they and their confidential details will be accessed.
Output trays can be an easy way for sensitive data to fall into the wrong hands. To make sure sensitive documents cannot be retrieved by any user, ensure all printers work on a pull printing requirement, and be aware that anyone with access to printer settings can exploit permissions if the settings aren’t restricted to admin-only access.
Look for printer models that can help to detect, protect and even self-heal from attacks, and for imaging and printing compliance solutions that automate print fleet security.
4. Audit storage devices
Ensuring that workers only have access to encrypted devices for storing data is vital.
Encrypted USB and SSD devices can significantly reduce the risk of a data breach and help to reduce the chances of data being stolen or illegally accessed.
In the event of a data loss, organisations that can clearly demonstrate that they had already taken appropriate technological protection measures may not need to report the breach and incur a huge financial fine.
With Banner you can improve operations and the storage of data. To find out more, please telephone us on 0845 226 4708, email joinus@BannerUK.com.