On 25 May 2018 a new directive called GDPR (General Data Protection Regulation) came into effect. Businesses and public bodies covered by the regulation had been given a two-year preparation period to get ready for the changes.
In the UK, the old Data Protection Act 1998 set out how your personal information can be used by companies, government and other organisations.
GDPR changes how personal data can be used. Its provisions in the UK will be covered by a new Data Protection Bill, which has now been published by the government.
However, we have seen that most companies have not heard of GDPR or made any changes to how their business collects and stores the personal information of individuals.
So we recommend everyone reads the Guide to GDPR on the Information Commissioner's website.
HardSoft have been providing blogs and leaflets explaining this new directive and trying to help our customers get to grips with the changes they will need to make.
Importantly you need to look at how any personal information is collected and stored.
With regard to our customers' computers and networks, we have been advising them to follow some easy steps to help make their data and networks secure and less prone to attacks, which is a step toward being compliant.
- Create a password policy that requires passwords to be changed frequently (i.e. every 60 days), and make sure passwords are at least 8 characters long and complex (include capital letters, numbers and special characters)
- Make sure your backups are working (onsite and offsite) and they are encrypted against data being stolen
- If any laptops are taken offsite and have personal information stored on them, we would recommend they are encrypted (Windows has BitLocker and Apple Macs have FileVault built in to encrypt information)
- Make sure you have antivirus software like Avast in place and up to date
- Think about installing anti-ransomware software like Sophos Intercept X to combat your data being stolen and locked by outside sources, who in turn then ransom your data for money.
- Make sure software updates are installed and up to date; these provide security patches and block known security holes on your computers.
- We also recommend you register with the ICO as a Data Controller or Data Processor, depending on how you process your customers' data.
If you do need additional help, we recommend that you contact our support desk here.
Regarding the rest of your business compliance we would recommend you contact a data protection specialist here.