As many of you are now aware, the new General Data Protection Regulation (GDPR), which is replacing the current Directive, will take full effect for all Member States on the 28th May 2018. That’s 216 days, 17 hours, 50 minutes and 8… 7… 6… 5… 4… 3… seconds away. Although many articles are being published about this regulation, there are still many grey areas around GDPR compliance: what must be done, how, and where responsibility lies.
Over the coming months, ESP Projects will continue to post information around the GDPR. The key question to ask yourself is:
‘How ready is my business for GDPR?’
It is therefore advisable that all organisations, no matter what industry and size, begin to understand the following:
- Do you know where data within your organisation resides?
- Who has access to such data?
- What personal data are you holding, and where is it located, i.e. on-premise hardware or cloud services?
Understanding where your data resides and who has access is the first step in GDPR planning. I would strongly advise that you review the ICO’s self-assessment checklist and also read our other blog post, ‘GDPR 2018 – What You Need To Know’.
Once you have a handle on the location and access of all of the data within your organisation, the next step of GDPR compliance is:
Ensure that your network is adequately protected
In order to do this, you must ask yourself these questions:
- Do we have an Enterprise router that provides Unified Threat Management, Firewall and Traffic Filtering?
- Are the switches fully managed with port tagging implemented?
- Is your network hardware cabinet mounted and securely locked away?
- Are the servers up to date with all Windows patches and firmware releases?
- Are the operating systems in use throughout the company up to date and still supported by the manufacturer?
- Do we have adequate Enterprise Anti-Virus in place and is this installed on all devices?
- What real-time defences do you have in place for the various areas of your network, both on-premise and cloud?
As you can see, you may have to consider setting up a budget to review and improve your network and policies in order to be compliant with the GDPR requirements. This GDPR budget is an area that we will be focusing on, and we aim to release a more detailed article in the coming months.
Don’t have the time or resources?
Let us help you. If you require any support or guidance with the GDPR implementation, please contact ESP Projects and an assessment review can be booked in for you.