
GDPR and Data Privacy after Brexit: What’s Next?

So, the GDPR (General Data Protection Regulation) hit us with a bang in May 2018, and aside from a few high-profile fines, companies seem to be coping well on the whole. But is that really what’s happening, or is it more like an elegant swan: calm above the water but paddling furiously underneath?

It is safe to say that by now companies and employees are very much aware of the GDPR and of the need to keep the data they process secure. Most people – as either consumers or employees – also now understand that they have rights when it comes to the personal data they share with companies. We (as data handlers) don’t own personal data; we are only allowed to use it when we have a legal basis to do so. We are merely borrowing data with permission, and the person whose data we borrow has control of it, not the other way around. And data privacy’s a good thing, right?

However, I have found that many companies have varying definitions of what “secure” means and they could be doing a lot more to ensure data integrity and security. Thankfully, HelpSystems has expertise in this area and can work with companies to improve their data security posture – more on that later.

ICO Fines Under GDPR

There is a perception among some I talk to that, since the GDPR replaced the Data Protection Act, very few fines have been issued. This is not true, and there is a very good reason why this perception exists. There is now a defined process for reporting suspected data breaches, and help is available on how to handle them when they occur, so fewer breaches now make headline news.

What’s interesting about the breaches that have resulted in a fine is that individuals are also being fined, not just companies.

Fines have been issued to police forces, Her Majesty’s Revenue and Customs and the Crown Prosecution Service, as well as to some household names. The importance and power of the GDPR must not be dismissed as ineffective; quite the opposite is true.

In the first 12 months after the GDPR became effective there were over 200,000 reports and over €56 million in fines issued.

An updated list of the GDPR fines and enforcement notices issued by the Information Commissioner’s Office (the ICO) confirms this.

Some examples that did make the headlines include Facebook, British Airways, Heathrow Airport and Google, which was fined €50 million.

What’s Next for the UK Data Protection Law after Brexit?

With the UK set to leave the European Union (EU) on 31 December 2020, many companies are asking “what’s next?” in terms of data privacy and protection.

For the rest of this year, it’s business as usual. The GDPR remains fully effective while negotiations take place to establish a different relationship with the EU. Companies need to consider how data can cross borders, and the ICO is a great resource to help them plan for this.

But what about at the end of the transition period? I cannot predict the future, but the most likely outcome is that the new Data Protection Act will fully embrace the standards set under the GDPR, so for companies that already comply there will be little or no extra work required. The message for now is that companies should continue to focus on doing what they can to keep the data they hold secure and to have cybersecurity processes in place should a breach occur.

How to Reduce the Risk of Data Breaches

The first step in this process is to understand where the vulnerabilities lie. Through its Core Security product, HelpSystems offers penetration (pen) testing services that help companies identify risks and gaps in their cybersecurity defenses. Pen testing also helps validate how effective internal processes would be should a breach occur.

The next step is to understand what information is being shared within the organization and its supply chain, where it goes and how it gets there. Are shadow IT applications such as Dropbox and WeTransfer used by employees to transfer information? If so, how do companies ensure these transfers do not include information deemed non-compliant under the GDPR? HelpSystems has a solution that enables companies to share information securely while keeping critical information protected.

By combining HelpSystems’ GoAnywhere managed file transfer solution with its Clearswift Secure ICAP Gateway, companies can automate the detection and cleansing of information subject to the GDPR. This reduces the risk of human error and allows the company to remain in control of the information it shares.

Encryption is an effective way to ensure that data at rest remains protected and meets the GDPR’s requirements. HelpSystems has a solution that adds role-based access and administration to secure confidential information held in IBM i databases: Powertech Encryption prevents unauthorized internal users and external attackers from gaining access to sensitive information.

Another key risk area is the information shared over email and the web. With its Clearswift email and web gateway solutions, HelpSystems offers companies a high level of data protection over these channels without getting in the way of everyday business activity. Based on a deep content inspection engine, the gateways detect and redact sensitive content entering and leaving the organization – including data in images and scanned documents – in real time, allowing clean versions to continue on their way.

Finally, companies need to be sure that employees can’t accidentally share or leak information via removable devices. HelpSystems has a solution to increase the data security and compliance of endpoints. Its Clearswift Endpoint Data Loss Prevention solution gives companies control and visibility of data at rest and automatically redacts sensitive information being written to or read from devices such as USB drives (data in motion).

Your GDPR Compliance: Elegant Swan or Duck Out of Water?

Whether your company has its GDPR compliance under control or still has some way to go on its compliance journey, we’d be happy to offer you a 60-minute Security Health Check to identify the cybersecurity solutions relevant to you.
