How do I become GDPR Compliant?
Introduced in January 2012, the EU GDPR or General Data Protection Regulation will be enforced on 25th May 2018. It has been developed to provide a cohesive data privacy law for companies (Data Controllers and Data Processors) and increase data protection for citizens (Data Subjects) who reside in Europe. It replaces the Data Protection Directive 1995, a 21-year-old law that allowed countries within the EU to set their own data and security standards.
The law automatically applies to every company, large or small, government agency and non-profit around the world that collects, stores and processes personal data on an EU citizen by any means or from any device. Any non-EU businesses processing the data of EU citizens will also have to appoint a representative in the EU to become GDPR compliant.
Companies in the UK are urged to start making preparations for the GDPR as Brexit will have no impact on the obligations and liabilities of the directive.
“100 banks in 30 countries lost USD1 billion in coordinated attacks over two years.”*
The GDPR represents a necessary change to personal data privacy and security concerns, reflecting the increasing use of data capture from social media, online sales, payment solutions, search engine habits and device tracking, plus financial and health records. Critical information held on individuals must be managed securely, and records of processing activities must be maintained, including the purposes of the processing and the categories involved.
Individuals in the EU will have a right to greater transparency regarding what data is held about them, and be assured that, wherever in the world information about them is sent and stored, it is managed responsibly.
With a number of recent high profile data breaches, the EU has recognised that data protection and accountability are an individual’s fundamental right.
“157,000 customers had personal information hacked in an attack at a UK provider of telephone and broadband services.”*
Most businesses (Data Controllers) outsource to tech companies (Data Processors) for management of their end-user data and this information is generally held in the cloud. Cyber-criminals are constantly developing sophisticated threats and the GDPR sets out joint liability for both Data Controllers and Data Processors to implement stringent controls over data security.
Failure to comply with the GDPR means companies can be fined up to 4% of their annual turnover or a maximum of €20 Million for the most serious infringements.
Compliance can be challenging to understand and implement, affecting legal, HR and IT administrators. Many companies fail to understand the consequences of a data breach and the vulnerabilities within their IT systems, and fail to make improvements, something which could soon prove very costly.
The basic requirements of the regulation are:
- Companies must demonstrate that security measures have been implemented to protect Data Subjects, especially companies in high-risk industries.
- Businesses need to validate the Data Subject’s identity, quickly produce all personal data held, and correct, transfer and completely erase data on request.
- Notify the Supervisory Authority (SA) in the UK within 72 hours of a personal data breach “leading to the unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data”.
- Increase control of data transfers globally.
Time is running out. The first step for any business that is affected by the GDPR is to review their current privacy and data management practices and set out a new data security strategy. Start assessing any security vulnerabilities and establish whether they need to make amendments to their procedures and any physical changes to their infrastructure.
What is MaaS360?
MaaS360 Mobile Device Management offers a comprehensive, highly secure solution where you can manage and protect mobile and Internet of Things (IoT) devices, people and profiles, apps and corporate data, through one single portal. It provides GDPR compliance, early detection and assessment of risk exposure, and limits employee access to only those who need it to perform their job.
It simplifies mobile device management (MDM) and can be rapidly deployed, providing visibility and control across your mobile devices, applications and documents and easily integrates with your existing IT infrastructure. IT administrators can quickly add devices, manage configuration and monitor security, implement actionable insights, offer support, and run analytics continuously from a web-based portal.
The solution offers full support on the latest mobile operating systems for iOS, Android, Windows Phone and BlackBerry, with the ability to set security policies and automated compliance actions, such as requiring a password or blocking a compromised device. Integration is simple and straightforward through the MaaS360 Cloud Extender, without the need for on-site servers or network reconfiguration.
- Increased security and compliance enforcement.
- Reduce the cost of supporting mobile assets.
- Enhanced application and performance management.
- Helps ensure better business continuity.
- Increases productivity and employee satisfaction.
- Simple and fast with an exceptional customer experience.
If you are concerned about the GDPR and how it will affect your business, get in touch with a member of our team today on 0333 321 4888. We will be happy to guide you through the details and recommend solutions to help your business become GDPR compliant.
We’re experts on Mobile Device Management (MDM) and have a range of solutions starting at just £2.05 per month for a sole trader, all the way up to enterprise level integration for large corporations.
*Source: IBM Security