- Published: Saturday, 19 May 2018 16:30
The European General Data Protection Regulation (GDPR) comes into effect on 25/05/18. Many UK businesses are getting ready, while others may not yet have heard of it or believe it does not relate to them. Tougher fines and stricter regulations affect all businesses, across all industries and countries.
Remember, your business needs to take into account past and present employees and suppliers as well as customers (and anyone else whose data you’re getting hold of, storing and using).
Look hard at your security measures and policies. You’ll need to update these to be GDPR-compliant, and if you don’t currently have any, get them in place. Broad use of encryption could be a good way to reduce the likelihood of a big penalty in the event of a breach.
Securing your data
Many businesses have shared data within their business. The new regulations require you to limit data access to those who actually require it for their work.
Keeping IT simple is key to any system you use. We suggest the following:
- Locking down file shares to a single user or to teams/groups. For example: your HR information should only be available to the people who deal with employment records or payroll.
- Data should be placed in folders within the shares, with each folder restricted to the department that needs access. For example: you may keep employee records in one folder and the payroll data in another. If your employee records are not needed by the payroll clerk and your HR manager needs both HR and payroll records, the folder permissions would be set so that the HR manager has access to both folders and the payroll clerk has access only to the payroll folder.
- File permissions or passwords can also be implemented to further secure the folders. If your network shares do not allow folder permissions, then adding a password to a file will restrict access further.
- If you are using an application to manage your payroll or accounts, always ensure the passwords meet best practice and are different from the user's login password.
- PCs should be set to auto screen lock so that access is automatically restricted if the PC is inactive or the user is away from their desk.
- Backup - Always ensure you have a secure backup of any critical files and regularly test restoring them.
- Disk Encryption - if you are using a laptop or storing the data on USB sticks, you should encrypt the disks to prevent unauthorised access in the event the device is lost or stolen. Encrypted USB sticks are available with additional software/hardware which requires a password or fingerprint to access the data. These are normally worth the additional cost and could save a large fine after a data breach.
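The HR and payroll folder layout from the list above, as an added PowerShell example (not part of the original article). It assumes an NTFS share root at D:\Shares\HR and placeholder domain groups CONTOSO\HR-Managers and CONTOSO\Payroll-Clerks, and it keeps Administrators and SYSTEM on each folder so backups continue to work.

```powershell
# Run from an elevated PowerShell session on the file server.
# Assumed placeholders: share root, folder names and group names.
$root     = 'D:\Shares\HR'
$system   = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')
$folders  = @{
    'Employee Records' = @('CONTOSO\HR-Managers')
    'Payroll'          = @('CONTOSO\HR-Managers', 'CONTOSO\Payroll-Clerks')
}

foreach ($name in $folders.Keys) {
    $path = Join-Path $root $name
    New-Item -ItemType Directory -Path $path -Force | Out-Null

    $acl = Get-Acl -Path $path
    # Stop inheriting permissions from the share root and discard inherited entries.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove explicit entries left over from earlier, broader sharing.
    foreach ($old in @($acl.Access | Where-Object { -not $_.IsInherited })) {
        [void]$acl.RemoveAccessRule($old)
    }

    # Business groups get Modify; Administrators and SYSTEM keep FullControl.
    foreach ($who in ($system + $folders[$name])) {
        $rights = if ($who -in $system) { 'FullControl' } else { 'Modify' }
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $who, $rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $path -AclObject $acl
}

# Audit: warn about any account on a folder that is not on its allow list.
foreach ($name in $folders.Keys) {
    $allowed = $system + $folders[$name]
    (Get-Acl -Path (Join-Path $root $name)).Access |
        Where-Object { $_.IdentityReference.Value -notin $allowed } |
        ForEach-Object {
            Write-Warning "${name}: unexpected access for $($_.IdentityReference.Value)"
        }
}
```

The audit loop can be re-run on its own after staff changes to confirm that nobody outside the two groups has been added to either folder.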
Apart from securing your data, you should also keep your computers up to date by applying the latest updates. Install a good antivirus/anti-malware application, consider restricting access to the internet via web filtering, use a good anti-spam filter and of course train your staff.
Should you need assistance with securing your data, please contact our sales team.