If you’ve not started preparing for the incoming (25th May 2018) General Data Protection Regulation (GDPR), one of the best places to start is the Information Commissioner’s Office (ICO) “12 steps to take now”. So what IT solutions could you throw behind your company’s preparation for GDPR?
Adding new IT services to your business is not going to solve GDPR for you, but it can help to form the framework, the processes and the procedures to accommodate the new regulation.
A Data Loss Protection (DLP) service can help a business protect its company data not only from unauthorised access but also from those who have access to it. How do you stop users from copying all your company data to their laptop? A DLP service can enforce a range of policies that will prevent users from copying the entire company drive or uploading it to the cloud. A DLP service can provide the organisation with an effective deterrent and reporting tool.
A system such as Microsoft SharePoint allows your business to better manage the storing of data. Documents and files can be categorised at the time of creation, and historical changes recorded. Such systems can also help to register how information is shared out. Systems such as SharePoint can also be set up to limit how data can be copied or shared. They include powerful search and indexing tools, making auditing an easier task.
Imagine your business is infected by Cryptolock malware, locking you out of all of your company data. The backups you have don’t work or only give you limited access to data, and that complex customer database is unretrievable. Outside of the unimaginable damage it would cause the business, a request for access to personal information is received. The right for individuals to delete personal information held about them.
This is not one particular product, but a range of security services your business should be using. These provide a layered security approach to your IT strategy. These might include:-
This could, for example, include preventing unauthorised access to electronic communications networks and malicious code distribution and stopping ‘denial of service’ attacks and damage to computer and electronic communication systems.
Network and information security as overriding legitimate interest
It may sound fancy, but it’s a system that manages and records users’ access to files or company applications. Many companies already have one if they have a Windows Server in their business; it’s called Active Directory. There are other solutions for those who don’t have a Windows Server environment or require a comprehensive system.
Personal data should be processed in a manner that ensures appropriate security and confidentiality of the personal data, including for preventing unauthorised access to or use of personal data and the equipment used for the processing.
If your organisation has large amounts of data spread across multiple file servers, applications, databases, email and cloud services, it may benefit from a centralised search solution. It would be like having your own internal Google that is continually indexing your company-wide email, files, documents and databases. In fact, Google does offer such a device, called the Google Search Appliance. Such a solution would allow a Data Protection Officer to carry out compliance.
Two of the most popular Business Productivity Suites, Google G Suite and Microsoft Office 365, offer security and compliance tools allowing an overview of your company data in the cloud. Information held in your email, documents in your SharePoint site, personal files held in OneDrive and information exchanged between Skype or Teams can be searched, categorised and audited for GDPR purposes.
We hope to produce another blog post in the new year listing further resources.
If you would like to learn more about GDPR, security and data compliance, then please contact David or Jamie on