It’s been just over a year since the GDPR (General Data Protection Regulation) came into effect in the UK. Since it was launched, the ICO has recorded a rise in data protection complaints, which goes to show how important people take their data management and any potential abuse of it.
What’s more alarming is that according to the law firm DLA Piper, European businesses have reported 59,000 data breaches since GDPR was implemented, with Google currently receiving the highest fine for a data breach of €50 million!
Since businesses who’re not compliant are liable to fines of up to 4% of their annual global turnover, it’s more important that even to ensure you minimise the potential risk for any kind of data breach.
So, how can you minimise your risk?
A great deal of large companies hired consultants and specialised organisations to help them become GDPR ready, spending almost £1 billion in the process. However, according to an independent study conducted by USBMakers.com, only 42.5% of respondents audited their data processes on the run-up to GDPR and only 16.8% appointed a data protection officer.
1- Review Internal Processes
Appointing a DPO is mandatory as they are held accountable for data management within their respective organisations and are required to report any data breaches that occur. So, the first step to minimise risk is to appoint a DPO and review all internal data management processes, including:
- Privacy policies
- Data capture & storage
- Access to data
- Deletion of data
- Security
2- Implement Data Security Technologies
When it comes to minimising data breaches, it’s important to ensure you have the necessary security in place. People are your biggest risk. This is not to say that employees are going to siphon off data, be manipulative or allow hackers in through the backdoor, it simply means that human error is common. There are so many potential risks, including phishing emails, viruses, errors in data entry, etc. As such, it’s important to implement intelligent security software that will protect staff and your data. Consider the following:
- Data back-ups & recovery
- McAfee or Norton anti-virus
- Checkpoint security management software
- Hardware authentication
- User-behaviour analytics
- The Cloud
3- Move to the Cloud
Most data breaches occur due to a vulnerability and no matter whether you store data in the cloud or on-premise, there are still risks. Ultimately, keeping your data secure is your responsibility as well as your cloud provider’s. As such it’s important to test any new system you implement.
What’s surprising is that only 28% of the USB Makers survey respondents currently use the cloud when cloud technologies are more secure than storing data on premise.
One of the biggest concerns people have surrounding cloud storage is loss of data rather than it being hacked. However, it is possible to use multiple systems to ensure your data is secure and backed up by using a sharing platform in unison with the cloud storage you opt for, which will track changes and store deleted data.
Other considerations:
- Use two-step verification
- Encryptions methods used by cloud providers
- Complex passwords
4- Monitor & Secure Hardware
Whether your staff is entirely in-house or on the road, it’s important to monitor all activity and interaction with the data you hold to ensure it is secure.
There is software that can monitor this, including Checkpoint and various other user-behaviour analytics which may highlight any unusual activity, allowing you to act before a data breach occurs.
At one-point BYOD (Bring Your Own Device) was popular, however, with a greater emphasis on the security of late, the tables have turned, and company-owned hardware is suggested as the most secure way of protecting your data. It allows you to maintain control and minimise risk by adding the necessary security software on to each device, including two-step verification and hardware authentication.
5- Educate Staff on Risk Implications
What’s surprising is that 30.2% of the USB Makers survey respondents did not know whether they’d been hacked and are therefore open to potential risks. Since people are the greatest risk to data it’s more important than ever to ensure staff has a greater understanding of the rules and regulations of GDPR along with the associated risks to data.
The number of complaints and reports will only continue to rise as data protection agencies scale up their inquiries and have increased resources available to them. It’s for this reason that businesses should consider reviewing their compliance and security regularly, ensuring all staff, current and new are up to date with the latest news and information.