On May 25 2018, organisations across the EU will need to abide by the new EU General Data Protection Regulation.
The rules aim to give all EU residents full control of their personal data, and introduce strict standards for how businesses must keep it secure.
GDPR will apply to all companies that manage or process customer data in the EU, and non-compliance can bring heavy penalties of up to 4% of a company’s revenue or 20 million euros, whichever is greater.
If you need to ensure compliance there are several operational areas to consider – mostly data security and storage – both fields of Trident expertise.
While Trident are not GDPR advisors, our knowledge of these areas means we can offer valuable pointers and services to help.
Questions you need to address
If your business needs to prepare for GDPR, you need to ask:
• What types of data do you store and why?
• Who can access this data and by what procedures?
• Where is your data stored? If it’s cloud-based, the geographical location is still important
• How do you send data? By encrypted or non-encrypted email or other methods?
• Are your USB or portable devices, data in transit, and/or data backups encrypted at source and at rest?
• Is your data secured with 256-bit or higher encryption?
If you’re unsure about any of the above or need to act on them, it’s worth asking us if we can assist.
We may, for instance, be able to help you with setting up encrypted volumes on SANs or virtual hosts, restricting access to certain data, designing compliant data replication backups and disaster recovery solutions, or rolling out Microsoft BitLocker encryption tools across your workstations and portable devices.
For more on how Trident could help you plan for GDPR compliance, contact your Business Manager or another member of the Trident team on 01273 662777 or email info@tridentgroup.co.uk