You want to innovate. To transform your organisation with new services and help achieve the top-line. Security and compliance can seem like endless red tape and bureaucracy that simply get in the way.
This time last year we were all bustling around ensuring that we were following best practice in preparation for GDPR. As with any compliance exercise, it is always good to review what exists and test your assumptions. And whilst you may be hoping that Brexit will change everything, the UK 2018 Data Protection Act enshrines the key principles of GDPR, and therefore very little has changed for UK business.
With GDPR only seven months away now, one aspect of compliance we all need to consider is how to secure personally identifiable information (PII) on laptops and other mobile devices. This data is harder to control and at a greater risk of being compromised because it’s not behind the company firewall.
With GDPR on the horizon, now is a good time to review your data security policy. The first step is to take a holistic look at your entire infrastructure, from how data is created or acquired to how it is valued, stored, accessed and disposed of. This includes data coming in from customers, partners and suppliers; data created within the organisation, such as presentations and reports; and data that goes out, such as invoices and proposals.
The General Data Protection Regulation (GDPR) will come into force in less than a year, and organisations need to prepare for its introduction and be able to demonstrate compliance. This will require resources and an appropriate budget.
You can imagine it now. If the world of IT security were to be played out as a pantomime today, the seeming villain of the piece would definitely be GDPR. Picture it: the face of the CISO when the crowd scream “It’s behind you!” as GDPR suddenly appears. Our hero knows that GDPR is lurking behind him, but he is not quite sure a) how much of a threat it will be to him and b) exactly what he has to do to combat it.