‘Google gets access to 4% of total visible sites on the Internet while the remaining 96% is said to be the Deep web also known as TOR, a place for hackers and people who do illegal activities’¹
Think about the above quote for a second; once it has sunk in, you’ll realise how much of the internet we can actually access.
Now think about what could be in the ‘Deep web’. Would you like all your clients’ data to ‘get lost’ in there? No, neither would we.
Reasons like this are why the GDPR has been put in place: to keep everyone’s personal data safe, including our own.
By now, you’ll have probably heard GDPR (General Data Protection Regulation) mentioned an awful lot. If you haven’t, where have you been hiding?
GDPR is the latest data regulation and comes into force on 25th May 2018. If you don’t comply or you suffer a data breach, you could face fines of €20 million or 4% of your global annual revenue, whichever is higher.
Now, I’m not a GDPR expert, although I have done my research. Hopefully, I can make GDPR a bit more understandable and make it easier for you to grasp the basics: how, potentially, it could affect your business and how you can prepare for the GDPR.
Some people think that GDPR doesn’t apply to them, either because they’re a small business, a school, or because it’s an EU law and after Brexit, it won’t matter. This isn’t true.
Small businesses are major targets for hackers because they usually don’t have a large IT security infrastructure, which leaves an easy hole in the system for attackers to get in and find your data.
Schools sometimes think that they don’t process or store data, when, in actual fact, schools store some of the most sensitive data. Also, as schools don’t usually invest as much in IT systems, due to the lack of funds, hackers know this and find them an easy target.
Above all this, even after Brexit, everyone will still have to comply with the GDPR.
In this series of blogs, I’ll cover the major questions being asked about GDPR: the who, what, where, when, and how. Plus, some solutions that might help you on your way to GDPR compliance.
What is GDPR?
The GDPR (General Data Protection Regulation) is the latest law for data protection. The aim is to strengthen and unify data protection for all individuals within the EU.
Who does GDPR apply to?
GDPR applies to anyone who controls or processes data. Meaning, if you collect your customers’ data in any way then GDPR applies to you. For example, if you’re a small business that collects customers’ names, email addresses and phone numbers for marketing purposes, you must comply with the GDPR.
What data does the GDPR apply to?
Data is the new gold on the Deep web. It can be used to hold people to ransom, it can be sold, swapped, traded, found, lost and stolen. Any type of personal or sensitive data can be used, anything that can potentially identify a person is targeted.
GDPR applies to both personal and sensitive data.
Do you know the difference?
Personal data: any information relating to an individual; if you can identify a living person from the data you’re processing or obtaining, that’s personal data. It might include CCTV images, photos, databases, names, addresses and emails.
Sensitive data: any data that relates to someone’s religion, ethnicity, beliefs, health or relationship status. It can also include criminal records, court proceedings and court sentences. More technically, biometric data like iris scans and fingerprints also fall under sensitive data.
Where does GDPR apply?
The GDPR is set to become part of the UK, US and EU law on 25th May 2018. It not only applies to companies within those countries but to companies outside them as well. Companies that are outside the UK, US and EU but offer services to people in the UK, US and EU also have to comply.
Data Breach Example – WannaCry
In May 2017, the WannaCry cyber-attack affected 200,000 organisations in 150 countries². In the UK, 47 NHS trusts were hit. Hackers started to spread the WannaCry ransomware in emails that tricked the receiver into opening attachments and releasing malware onto their system, a technique known as phishing. When the attack fell on the NHS, key systems like telephones were affected. Staff had to resort to using pen and paper and their own devices to make calls.
The WannaCry ransomware went on to attack large organisations in other countries, including the Interior Ministry in Russia and organisations in Taiwan, Ukraine and India. Larger corporations like FedEx Corp and Telefonica were also targets.
What is ransomware?
Ransomware is used in cyber-attacks that involve taking control of a computer system and blocking access until a ransom is paid. Often, ransomware is hiding in emails asking the receiver to download an attachment that is infected with malicious software. Once the software is on a computer system, hackers can launch an attack that locks files and documents; usually this is done gradually, with files being encrypted one by one. The organisation is then held to ransom until payment is made.
How does ransomware relate to GDPR?
The new regulation states that if you suffer a breach you must notify the relevant supervisory authority within 72 hours of your organisation becoming aware of it. However, this is only relevant for breaches where a person’s rights or freedoms are at risk. It may be that you cannot provide all the information within that time; the GDPR recognises this and will allow you to provide information in phases. If the breach is serious, your organisation must notify the public without delay.
If a breach is likely to affect the rights and freedoms of an individual, you must notify the individuals involved immediately.³
How Microsoft products can help with GDPR compliance
Microsoft is investing in additional features and functionality to help you meet GDPR requirements. With their cloud services and on-premises solutions, they can help you to locate and catalogue any data that’s in your system. Together with Microsoft, we can help you build a more secure environment, simplify your management and monitoring and give you the tools you need to meet the GDPR reporting and assessment requirements.
Windows 10 Pro
Windows 10 Pro is designed to help safeguard your data in the cloud, including the personal data of customers and staff. With Windows 10 Pro you get end-to-end security from your desktops and devices to your servers. It can also help detect, protect and defend against attacks that could potentially lead to your customers’ personal data being lost or leaked.
Making sure your laptops and desktops have the best built-in security can lower the risks of losing sensitive data. With threat protection, identity protection and information protection it’s extremely difficult to get into your system and obtain your data, keeping it safe from landing in the hands of a hacker.
Windows 10 Pro devices:
HP ProBook 450 G4
The HP ProBook delivers great performance and comes with Windows 10 Pro pre-installed. It has the security features you need to keep your business safe. You can keep your sensitive data secure with HP BIOSphere as well as integrated TPM and customisable features like fingerprint reader.
Yoga Book
The Yoga Book is a 2-in-1 tablet that gives you the flexibility to work anywhere. You can take notes, type and draw with ease. The Yoga Book comes with Windows 10 Pro pre-installed so you can depend on it being secure and safe to work on wherever you are. Plus, it’s slim and light. Perfect for working on the go.
Microsoft Surface Pro
Microsoft Surface provides the power and performance you need to run your business. With all-day battery life⁴ and high-speed processors, the Surface Pro is built for heavy usage on busy work days. You can use the Surface Pro in laptop, studio or tablet mode, making it flexible, agile and easy to use whilst you’re on the move. Use features like Windows Hello for a quick, secure, password-free sign-in. And enjoy all this knowing your staff and data are secure with Windows 10 Pro security features.
Microsoft Wireless Desktop 3050
The Microsoft Wireless Desktop 2050 comes with great features and a modern design. It is designed to protect your information. It features Advanced Encryption Standard (AES) technology, which encrypts your keystrokes, making it extremely difficult for hackers to read your data. AES works over the wireless connection: it encrypts your keystrokes before they are transmitted to your device. You can count on AES being secure; it’s even used by the United States Government to protect confidential data and information.
To find out more about GDPR, contact our team of IT specialists on 0370 429 3020.
Things you need to know
¹ Source: https://www.quora.com/What-percentage-of-the-internet-is-accessible-through-Google-and-other-search-engines-Alternatively-what-percentage-of-the-internet-cannot-be-accessed-through-Google
² Source: http://www.telegraph.co.uk/technology/0/ransomware-does-work/
³ Source: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/breach-notification/
⁴ Up to 13.5 hours of video playback. Testing conducted by Microsoft in April 2017 using a preproduction Intel Core i5, 256GB, 8 GB RAM device. Testing consisted of full battery discharge during video playback. All settings were default except Wi-Fi was associated with a network and Auto-Brightness disabled. Battery life varies significantly with settings, usage and other factors.