Enforcement date: 25th May 2018
The General Data Protection Regulation, which comes into effect in the UK on 25th May 2018, is to replace the dated Data Protection Act 1998, at which time organisations in non-compliance will face heavy fines. So as IT companies around the UK try to decipher the code of ethics to follow to comply with GDPR, MapTec IT looks at the possible side effects.
Unfortunately, there isn't a lot of precise information out there to help frantic project managers trying to implement good practice policies in time for the 25th. We have been working closely with our partners Bitdefender and Datto and have been doing our own research on the subject. From our understanding so far, there are a lot of key areas that need more clarification, and perhaps documentation still needs to be compiled on how companies need to store personal data.
In light of the ransomware attacks, your IT department or outsourced IT department cannot get away with just saying it can restore IT systems within a week or in over 72 hours. You cannot say you have antivirus and firewalls on your servers and computers and expect that to be sufficient. You will need products which have proactive elements built in, and in our experience paid products for online protection will always be better. Restoring data must take under 72 hours, and there will need to be regular backup drills to make sure the data can be restored. You also need to look at how data is protected and make sure it is not stored on a front-end website which could potentially be hacked.
7 months is not a long time to get your data protection and policies in order, as there has not been official documentation to apply. However, there is some information that lets you comply to the best of your ability in readiness for 25th May 2018, a few examples of which are explained below. MapTec IT is working with our partners to soon announce a toolkit which can be used. One step you can take is to make a list of all your data structures, online and offsite, and check whether they are secure and backed up in the right manner, e.g. an offsite backup which is encrypted and set with a strong password. Regular checks should be made, i.e. recovery tests, to make sure data can be retrieved from backup.
Another example is your email system: is your provider protecting your data? Do they have scheduled backups and recovery tests? If your answers are no or unsure, please contact MapTec IT for more information.
In conclusion, companies need to reduce the risk of data corruption, cyber attacks and internal attacks to a minimum.