08 Oct GDPR fines are nasty, here are a few ways to avoid them.
In recent months, as you are probably aware, both British Airways (BA) and Marriott Hotels have hit the headlines because of eye-watering proposed GDPR fines: £183 million for BA and £99 million for Marriott.
These penalties show that the GDPR (General Data Protection Regulation) has given enforcers like the UK's ICO (Information Commissioner's Office) some serious tools to play with. BA's proposed fine is almost 400 times larger than the ICO's previous record, the comparatively modest £500,000 (roughly $645,000) penalty handed to Facebook over the Cambridge Analytica scandal, which was the maximum the old Data Protection Act allowed.
With fines of this size now in play, we strongly recommend you minimise your risk of being next in the firing line.
GDPR protects people in the European Union, and it applies to any organisation that processes their personal data, wherever in the world that organisation is located. Marriott, a U.S. company, is a case in point.
Here are five rules we recommend all organisations follow to minimise the risk of a GDPR data-loss fine:
- Patch early, patch often. Minimise the risk of a cyber attack by fixing the vulnerabilities attackers use to break into your systems. Attackers do not stop at the network perimeter, so everything matters: prioritise internet-facing systems, but patch every server, laptop and piece of third-party software you can get hold of.
- Secure personal data that's in the cloud. Treat cloud systems like any other computer you own: close unwanted ports and services, encrypt data at rest and in transit, and put proper access controls in place. Do this in every environment, including QA and development, which often hold copies of production data but get far less attention.
- Minimise access to personal data. Reduce your exposure by collecting and retaining only the personal data you actually need, and by giving access only to the people who need it to do their jobs. Review those permissions regularly, because access tends to accumulate over time.
- Educate your entire team. Make sure everyone who might come into contact with personal data knows how to handle it; this is a GDPR requirement. Whether or not their job involves computers, everyone needs to know.
- Document and prove your data protection activities. Be able to show that you have thought about data protection and have taken sensible, proportionate precautions to secure the personal data you hold.
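To make the second and third rules concrete, here is a small audit script added to this article as an illustration; it is not part of Urban Network's tooling. It walks a constructed inventory of cloud environments (the field names and the sample data are assumptions for this example, loosely modelled on how providers describe security-group rules and storage volumes) and reports services exposed to the whole internet on anything other than HTTPS, volumes that are not encrypted at rest, and roles granted access to personal data without a job need. It deliberately covers the QA environment as well as production, and it treats the IPv6 any-address range `::/0` as world-open, a case that is easy to miss when only `0.0.0.0/0` is searched for.

```python
"""Audit a constructed cloud inventory for world-open ports, unencrypted
storage and over-broad access to personal data. Example code for this
article; the inventory format is an assumption, not a provider API."""
import ipaddress

# Constructed sample inventory (not from any real account).
INVENTORY = {
    "production": {
        "ingress_rules": [
            {"port": 443, "cidr": "0.0.0.0/0"},   # HTTPS, expected to be public
            {"port": 22, "cidr": "10.0.0.0/8"},   # SSH, internal only
        ],
        "volumes": [{"name": "pii-db", "encrypted": True}],
        "pii_access": {"dpo": "read", "support-lead": "read"},
    },
    "qa": {
        "ingress_rules": [
            {"port": 3389, "cidr": "0.0.0.0/0"},  # RDP open to the world
            {"port": 5432, "cidr": "::/0"},       # Postgres open to the world over IPv6
        ],
        "volumes": [{"name": "pii-db-copy", "encrypted": False}],
        "pii_access": {"dpo": "read", "all-staff": "read"},  # everyone can read
    },
}

ALLOWED_PUBLIC_PORTS = {443}
# Roles with a genuine job need to see personal data (an assumption).
PII_ROLES = {"dpo", "support-lead"}


def is_world_open(cidr):
    """True when the CIDR covers every address, for IPv4 or IPv6."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit_environment(name, env):
    """Return a list of human-readable findings for one environment."""
    findings = []
    for rule in env["ingress_rules"]:
        if is_world_open(rule["cidr"]) and rule["port"] not in ALLOWED_PUBLIC_PORTS:
            findings.append(f"{name}: port {rule['port']} open to {rule['cidr']}")
    for vol in env["volumes"]:
        if not vol["encrypted"]:
            findings.append(f"{name}: volume {vol['name']} not encrypted at rest")
    for role in env["pii_access"]:
        if role not in PII_ROLES:
            findings.append(f"{name}: role {role} can read personal data without a job need")
    return findings


def audit(inventory):
    """Audit every environment, QA and development included."""
    findings = []
    for name, env in inventory.items():
        findings.extend(audit_environment(name, env))
    return findings


if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```

Run against the sample inventory, the production environment comes back clean and QA produces four findings. In a real estate you would feed the same checks from your provider's API or infrastructure-as-code and run them on every change, so that a port opened "temporarily" in a test environment is caught before it becomes the way in.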
We can help
Urban Network can test your systems, including penetration testing and intrusion testing, and report on whether your business is following best practice. However, the very basic elements, applying vendor security patches to endpoints and keeping antivirus up to date, are the most often overlooked starting point.
Our Sentinel monitoring software can cover these elements of your network, and coupled with one of our recommended enterprise firewalls, the basics are taken care of.
To add further layers of security, Urban Network can work with you to make sure comprehensive policies are in place for password control, access control and network housekeeping, and importantly for remote access and BYOD. We can review the current implementation of any other aspect of your network and advise on industry best practice, so that your business is covering its risk adequately.
We're Urban Network, and we can help keep your business safe.
We specialise in managed IT and technology services for businesses across London and the wider South East, from our base in Wapping, East London.
Urban Network has a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.
Among our range of skills we specialise in cyber security, helping our clients adopt the best and most appropriate security practices, procedures and tools to protect their sensitive data.
If you have any concerns or challenges with your cyber security, or with your technology generally, we would like to hear from you. Please contact the team today.