IT Services to help with GDPR

If you’ve not started preparing for the incoming (25th May 2018) General Data Protection Regulation (GDPR), one of the best places to start is the Information Commissioner’s Office (ICO) “12 steps to take now”. So what IT solutions could you throw behind your company’s preparation for GDPR?

Adding new IT services to your business is not going to solve GDPR for you, but it can help to form the framework, the processes and the procedures to accommodate the new regulation.


Data Loss Protection as a Service

A Data Loss Protection (DLP) service can help a business protect its company data not only from unauthorised access but also from those who have access to it. How do you stop users from copying all your company data to their laptop? A DLP service can enforce a range of policies that will prevent users from copying the entire company drive or uploading it to the cloud. A DLP service can provide the organisation with an effective deterrent and reporting tool.

  • Information you hold: Audit the information you hold, not just on servers but also on company devices
  • Data Breaches: Employees copying large amounts of data: should they be doing this?


Document Management Solution

A system such as Microsoft SharePoint allows your business to better manage the storing of data. Documents and files can be categorised at the time of creation, and historical changes recorded. Such systems can also help to register how information is shared out. Systems such as SharePoint can also be set up to limit how data can be copied or shared. They include powerful search and indexing tools, making auditing an easier task.

  • Children: Categorise sensitive data
  • Information you hold: Categorise where it came from and with whom it was shared
  • Data Breaches: Limit staff exposure to all company data
  • Individuals’ Rights: Auditing and search of individuals’ information held by your company
  • Subject access requests: Individuals could self-service access to their information if your business would be subject to a large number of requests


Robust Backup and Recovery Solution

Imagine your business is infected by Cryptolock malware, locking you out of all of your company data. The backups you have don’t work or only give you limited access to data, and that complex customer database is unretrievable. On top of the unimaginable damage it would cause the business, a request for access to personal information is received. There is also the right for individuals to have personal information held about them deleted.

  • Subject access request
  • Individuals’ right: How do you check what information you hold on old backups?
  • Data Breaches: Backup information was lost but was encrypted and/or data was pseudonymised


Network, Cloud and Computer Security

This is not one particular product, but a range of security services your business should be using. These provide a layered security approach to your IT strategy. These might include:

  • Malware and Virus protection on computers
  • Internet filtering or DNS filtering
  • User and physical network access
  • Logging and detection of potential intrusions (IDS)
  • An intelligent firewall that includes the above services

 This could, for example, include preventing unauthorised access to electronic communications networks and malicious code distribution and stopping ‘denial of service’ attacks and damage to computer and electronic communication systems

Network and information security as overriding legitimate interest


Privileged Access Management (PAM) & Single Sign-On solutions

It may sound fancy, but it’s a system that manages and records users’ access to files or company applications. Many companies already have one if they have a Windows Server in their business; it’s called Active Directory. There are other solutions for those who don’t have a Windows Server environment or require a comprehensive system.

Personal data should be processed in a manner that ensures appropriate security and confidentiality of the personal data, including for preventing unauthorised access to or use of personal data and the equipment used for the processing.

Principles of data processing

Enterprise Search Engine

If your organisation has large amounts of data spread across multiple file servers, applications, databases, email and cloud services, it may benefit from a centralised search solution. It would be like having your own internal Google that is continually indexing your company-wide email, files, documents and databases. In fact, Google does offer such a device, called the Google Search Appliance. Such a solution would allow a Data Protection Officer to carry out compliance work.

  • Information you hold
  • Individuals’ rights
  • Data Protection Officer


Cloud Productivity Suites

Two of the most popular Business Productivity Suites, Google G Suite and Microsoft Office 365, offer security and compliance tools allowing an overview of your company data in the cloud. Information held in your email, documents in your SharePoint site, personal files held in OneDrive and information exchanged over Skype or Teams can all be searched, categorised and audited for GDPR purposes.

  • Information you hold
  • Individuals’ rights
  • Data Protection Officer

We hope to produce another blog post in the new year listing further resources.

If you would like to learn more about GDPR, security and data compliance, then please contact David or Jamie on 0330 058 1701 or email [email protected]