It’s a new year and, for many, a great time for a fresh start. Gone are the excuses of December and in comes the determination of January – a great time for new projects and a review of how you work. Something that’s top of many agendas as we enter the new year is cyber security and data risk, particularly with Data Privacy Day coming up on 28th January. Data Privacy Day was set up to raise awareness of the risks associated with data security and to promote best practice compliance.
But hasn’t this been covered off with GDPR?
With the rush to comply with the General Data Protection Regulation (GDPR) last year, many companies have been left behind, or are looking back at an approach directed more at firefighting than at truly understanding their exposure and required actions. If you’re entering 2019 still unable to say that your data really is secure, you’re not alone. But it’s time to do something about it.
What does compliance look like?
GDPR came into effect in May 2018, bringing with it a host of extra penalties and sanctions for those who fail to comply with European privacy and data laws. Companies that made efforts to comply in time will have carried out a data mapping process and a work stream to ensure their IT security – mapping the data that they hold and process across the organisation and looking at how safely this is stored and used. Organisations that have yet to carry out this process need to do so and take the next steps, which include putting appropriate procedures and processes in place.
Key risk areas
Some of the areas that present key risks and which should be considered as part of a 2019 review of data security are:
– retention: how long you’re keeping personal data; this should only be as long as you’ve got grounds to do so;
– printing and scanning equipment: make sure your provider uses GDPR-compliant software so that you’re not inadvertently backing up sensitive files that can be shared or, worse, hacked in future – using a GDPR-compliant printer, such as a Leemic Sharp MFP printer, can protect your data;
– IT security: do your systems meet the standard that would be expected by regulators?
Beware the regulator
Whilst the UK regulator, the ICO, explained in 2018 that they were going to take a pragmatic approach to compliance, acknowledging how much work companies had to do, they’re likely to have far less sympathy this year. Organisations have had more than enough time; there’s really no excuse!