Any company that handles EU data will be aware of the imminent changes to EU data protection law. They will affect companies that have operations in the EU, that store data about customers who live in the EU, or that process data passing through the EU. It is important to be prepared for the changes that will see the EU General Data Protection Regulation (GDPR) pass into law, so that you are not caught out.
The problem is that no one really knows what the changes will entail, which is the source of most of the anxiety surrounding the law.
Unfortunately, a tightening of the law doesn’t necessarily mean that levels of cyber crime will fall; in fact, cyber crime rose by 48% from 2013 to 2014. That doesn’t mean you shouldn’t prepare as far as you can, because failing to comply can bring a fine of up to 5% of your company’s global annual revenue.
Here are five things you can do to ensure that you’re as prepared as you can be for the changes to the law!
1. Be upfront with your employees
At times like these, it is even more important that your employees work with you, and being completely open about the results of internal audits is one way to ensure this. If they feel like they know exactly what’s going on, they’re likely to help improve in any areas where there may be shortcomings.
Provide the right level of training: if staff aren’t aware of which actions put data at risk, they will be unable to mitigate those risks.
2. Think beyond the walls of your company
Due to the ubiquity of mobile devices, employees can access company data from practically anywhere in the world. This means that you need to have tight rules with regards to the security of your data across a plethora of devices and platforms.
Ideally, you will want to be able to monitor all data usage, with the ability to wipe it remotely too, if necessary.
3. Decide on one method of file sharing
Narrowing down the ways in which company data can be passed around makes that data more secure. You will have just one system to concentrate on keeping secure, and potential attackers will have only one route in rather than several.
So if you have staff using multiple file sharing platforms, it may be time to review your internal policies here.
4. Put your foot down with employees
You might not want to step on anyone’s toes, but when your company is at stake, it is worth it. Put a stop to anyone using systems that you have not approved. Even if they appear safe, free online file sharing or collaboration tools are not necessarily secure and can leave your information exposed to criminals.
5. Don’t leave it all to IT
Of course, your IT department will be the main body for ensuring cyber security within your business. However, it can only truly function if everyone within the company is on board.
Also, under the GDPR, certain businesses will be required to appoint a Data Protection Officer (DPO). The DPO may or may not sit within the IT department, but will play a key role in all data security decisions.
Whatever happens, it is important that you and your employees are as prepared as possible for the coming changes.
[Photo Credit: MPD01605]