GDPR laws don’t just relate to how you collect & process the data about customers & clients. The laws also take into account how you protect the data you hold. Speaking in April 2019, the ICO looked to clarify when organisations should report a breach & how to do so. “It’s important organisations understand what to expect if they suffer a cybersecurity breach,” said ICO deputy commissioner for operations, James Dipple-Johnstone.
Therefore, it’s important that you are compliant with this aspect of GDPR. The ICO (Information Commissioner’s Office) are cracking down on businesses who don’t take this seriously & experience a breach as a result. Any breach of data must be reported to the relevant body within 72 hours of the organisation first becoming aware of it. If you don’t follow this procedure, you could be heavily fined. Fines depend on the severity of the breach & on whether you are deemed to have taken compliance & regulations around security in a serious enough manner. But what do GDPR security compliance & regulations look like? Let us help you with that …
GDPR requirements for Protecting Data
Under GDPR, protecting your data goes hand-in-hand with protecting your business. The data protection element of GDPR relates to Article 32. It’s all about the way businesses STORE the data they hold. As a result, GDPR has re-defined how businesses must do this. The driving force behind this is the increase in the number of data breaches that occur every year.
60% of UK SME businesses fell victim to at least one data breach or attack in the last year. So you have to be prepared for this by implementing robust storage systems. These should allow you to secure data & protect against breaches. They should also help you to easily find data.
In order to adhere to these regulations, GDPR requires all businesses to:
– Keep individual files secure wherever they go.
– Protect sensitive data in the cloud.
– Prevent unintentional disclosure.
Sophos SafeGuard to the rescue …
The simple way to secure data is to encrypt files before they’re uploaded to the cloud. But it’s important to do so in a way that’s seamless to your users. It shouldn’t slow them down & should allow them to access the encrypted data from anywhere, including their devices.
SafeGuard Encryption for Cloud Storage does just that. It automatically & invisibly encrypts data as it’s uploaded to the cloud storage service. And you can manage it through a central dashboard, minimising the administrative overhead. Once the file is encrypted, it must remain that way. Whatever happens to the file, whether it is moved, copied or renamed, & regardless of whether the file remains within the boundaries of the device, the encryption must be persistent. If a user accidentally loses a file, it will be lost in its encrypted form, rendering it useless/unreadable to anyone without permission to view it.
Here’s how it deals with those tricky GDPR compliance requirements:
Keep files secure wherever they go
Sophos SafeGuard keeps your data safe even when it leaves your corporate network & devices. It is data-centric, automatically securing content upon creation.
Protect sensitive data in the cloud
Automatically & seamlessly encrypt & decrypt files as they are uploaded to or downloaded from public cloud storage services like Dropbox & OneDrive with Sophos SafeGuard.
Prevent unintentional disclosure
Sophos SafeGuard delivers file-level encryption, so even if documents are mistakenly sent outside of your corporate network they are unreadable & unusable.
What regulators want to know, & what you need to demonstrate, is that your data is secure at all times, independent of its location. The implications of a data breach are the same wherever the data is stored, whether that is on an unsecured laptop, a cloud storage service, a USB device or in an email attachment.
By securing data in the cloud & on file shares with Sophos SafeGuard you are able to demonstrate easily that your data is protected & prove your compliance at all times. Even if the files fall into the wrong hands, they are always encrypted so they can’t be read. This delivers seamless & transparent data protection that is independent of storage location.
What can I do to ensure compliance?
Organisations need to extend their data protection policies to focus on securing the data wherever it’s stored & not just securing particular devices. Dedicate time to understand what you need to do in order to become compliant & then create a plan of action for your journey to GDPR compliance. This will ensure you & your business are compliant sooner, rather than later.
Think about investing in best-of-breed technology like Sophos SafeGuard to help you automate the data protection process & ensure you are always compliant with GDPR requirements. Finally, speak to experts who can help you understand & implement data security at your organisation. After all, can you really afford to be caught out?