This month SecureNews is dedicated to the GDPR (General Data Protection Regulation), which will come into effect in 2018. It will affect EU and non-EU organizations, requiring a new strict data protection regime. Achieving compliance will not be trivial, so we strongly advise that you start preparing for GDPR now. The fines for non-compliance will be significant: up to €20 million or 4% of total annual worldwide turnover.
With AlertSec you already have a good foundation for compliance in place but you will need to take additional steps to address GDPR’s privacy and data protection principles. We have prepared some information below and on our website to get you started on your compliance journey:
Face the facts: if you’re tempted to put off thinking about GDPR until later, or think that GDPR is not relevant, then check our fact sheet below.
Preparing for GDPR: what does GDPR mean for our SMB customers? Our new document “Preparing for GDPR” highlights the key data protection principles, actions to get you started and references for more information.
AlertSec foundation: your AlertSec service provides the strong encryption plus additional layers of security that support several GDPR principles. Make sure you understand the measures you already have in place so that you focus investment where it’s needed.
IT Security expertise: remember that you have a team of IT experts in the AlertSec help desk ready to help address your data protection concerns. If you have any questions or concerns about GDPR and what it means for your organization, use the link below to download our new guide “Preparing for GDPR”, or call our help desk.
Why the urgency? You have already taken important steps towards addressing GDPR data protection principles with your AlertSec service. However, compliance will require additional measures such as policies, training and risk assessments that will take time to put into place.
EU and non-EU companies need to comply: EU data protection law will extend to all foreign companies processing data of EU residents. Despite voting to leave the EU (‘Brexit’), the UK is expected to implement GDPR.
More data needs protecting: ‘Personal Data’ and ‘Sensitive Data’ definitions will change to include digital identifiers such as IP addresses, genetic and biometric data.
Everyone is responsible: both data processors and data controllers will have legal obligations for data protection and breach notification, with large fines for non-compliance.
Safe Harbor is no longer valid: Safe Harbor has been replaced by Privacy Shield and requires self-certification.
Expect scrutiny: individuals will probably want to test their right to have data deleted. Organizations will need to be able to handle these inquiries.
Data breach will impact company reputation: both data controllers and data processors will be responsible for data breach notification, and for informing the data subjects.
Non-compliance fines will be high: fines will be up to 4 per cent of annual global turnover, or €20m ($22.5M), whichever is higher.
Where do you start? Use the link to download our new document ‘Preparing for GDPR’, which provides an overview, recommended actions and further references. Share the document with your senior executives and organize a review to assess the implications of GDPR. If you have any questions, contact our help desk.
AlertSec: a foundation for compliance
GDPR compliance will require a range of technical measures but encryption remains a cornerstone for data protection.
AlertSec provides essential tools such as full disk encryption, media encryption and compliance check. There are optional components such as pre-boot authentication, plus services such as Encryption For Third Parties that you may require to implement additional security measures. Contact the help desk to find out about the optional features you have available through your AlertSec service.
GDPR compliance cannot be achieved by technical measures alone. It is important to recognize that you will need organizational measures such as security procedures, risk assessments and employee training.
You already have a number of data protection processes in place through our support team. As part of your AlertSec service, the help desk team manages a number of functions that might normally be done by an in-house IT team, for example:
Password management: AlertSec’s processes for password reset and data recovery are secure by design to ensure we only unlock devices for the authorized users;
Software development: AlertSec manages the continuous development of our security software to maintain maximum protection;
Communication: our customer alerts and newsletters provide information that can be used to support your employee training program.
Use the link below to read more about GDPR data protection principles in our guide “Preparing for GDPR”.
“We are specialists in IT security”, said AlertSec’s CEO Ebba Blitz. “Our support team provides the capability that you might find in a large enterprise.” Ebba was commenting in a recent article about the advantages that AlertSec’s managed security services give small businesses.
Many SMBs may have concerns about whether they have the resources to manage GDPR compliance. Remember that with AlertSec you already have an IT team working for you with the capability to be up-to-speed with advanced requests. You will need to implement additional data security tools and manage internal security processes for GDPR compliance, but AlertSec’s services are designed to integrate with and support your in-house policies and other data protection measures.
If you have questions about data protection, call our help desk.