We’re all aware by now of GDPR and the huge fines companies risk if they don’t take steps to comply with it.
There are two sides to GDPR:
In this article we’re going to look at each of these in turn.
The very question of how your company handles the collection of personal data must be further broken down:
GDPR is all about holding companies responsible for the data they collect and store. Those same companies will be penalised if their data is leaked or stolen.
The regulations centre on two issues: have you got a good reason to collect this data, and can you prove you are carrying out due diligence in protecting it from a data breach?
This is an IT security issue at heart, and so the government-approved Cyber Essentials security certification is your benchmark for complying with GDPR standards.
Since 2014, all companies that work with the government and their contractors have needed this certification in place. But it’s a recognised standard of assurance that all businesses can benefit from.
There are two certification options: Cyber Essentials, and Cyber Essentials Plus. The first lets you self-assess, and is an easy-to-follow process that results in certification. The second is similar, but boosted by the fact that you’re assessed by a third party ‘Certification Body’.
The areas that Cyber Essentials checks include:
This might seem like a lot to go through, but once it’s done you know you’ve got a good security base from which to work. As an IT provider we welcome any attempt for security to be taken more seriously!