Emmanuel Marshall Mar 28, 2018 12:40:21 PM 8 MIN READ

GDPR: What is it? Who is affected?


Email, e-commerce and cloud-based platforms enhance and optimise daily business activity, but they've also created a host of challenges in terms of security. Large-scale data breaches of companies are becoming a regular occurrence, resulting in massive numbers of sensitive data records being compromised.

A recent survey published by the WEF revealed that ‘Cybersecurity risks are growing, both in their prevalence and in their disruptive potential. Attacks against businesses have almost doubled in five years, and incidents that would once have been considered extraordinary are becoming more and more commonplace.’
According to the WEF report, more than 4 billion data records were reported stolen from businesses in 2016 alone; more than during the previous 2 years combined.

In response to the growing problem of data breach incidents, governments around the world are seeking to better regulate corporate data storage.

 

The EU GDPR


Starting on May 25, the EU (European Union) will introduce their new General Data Protection Rule (GDPR), under which any company doing business in the EU or selling goods or services to EU citizens will be subject to substantial fines if data they are holding is exposed by a data breach.

The GDPR regime provides for harsh financial penalties calculated according to the number of files exposed in a data breach. Fines levied under the GDPR will be €20 million (approximately AU$32 million) or 4% of global annual revenue; whichever is the higher amount.

 

What is a data breach?


When people transact with your company online, they share a lot of information; identification data; credit card details; and even personal documentation. All this data is a tempting prize for cybercriminals, and they are constantly at work trying to get hold of it so they can rip off your company and your customers.
When valuable information held by an organisation is compromised or exposed, this is known as a data breach.

In a recent interview GDPR lawyer Sue Foster said:

“The definition of personal data under the GDPR is very, very broad. So, effectively, anything that I am saying that a device picks up is my personal data, as well as data about me. So, if you think about a device that knows my shopping habits that I can speak to and I can order things, everything that the device hears is effectively my personal data under the European rules.”

 

What is the purpose of the GDPR?


The objective of the EU GDPR is to incentivise better data protection and cybersecurity practices by companies and organisations. As such, these regulations represent positive progress toward a safer and more secure internet for business and consumers.

Rigorous cybersecurity is of the utmost importance in an increasingly connected, digital economy. By imposing substantial penalties on companies that suffer data breaches, the GDPR is designed to encourage high security standards across companies with EU customers and trading partners.

 

How to avoid GDPR penalties


Basic preparation for the GDPR can be summarised in 3 steps:

  • Data audit
  • Risk assessment
  • Security implementation

Data audit

The first step toward cybersecurity risk management is knowing what data your company is collecting and how it is stored. A comprehensive data audit is fundamental because you’ll need to discover what information your company handles that could create liability under the GDPR. The GDPR is very inclusive in its scope, so a data audit should look at all platforms, device types and departments.

Identify what data you already have. Look at all kinds of assets stored in all formats, across every kind of software and media. List your data assets in categories to make it easier to assess.

For example:

  • CRM platforms
  • POS purchase information
  • online shopping records
  • marketing lists
  • social media contacts
  • company data held by contractors and other third parties


Risk assessment

Once you've done a data audit to establish a clear picture of how your company’s data management works, you’ll be in a position to make a risk assessment:

  • What cyber-threats could your company face?
  • Where are the security weak-points in your technology infrastructure?
  • Do you have effective cybersecurity measures in place?
  • What threats does your security software protect you from?
  • Do you have education programs in place to counteract human security vulnerabilities?
  • How would you know if your data storage was compromised?
  • What is your responsibility to third parties whose data you handle?
  • Who is responsible for your company’s cybersecurity management?


Cybersecurity implementation

Cybersecurity is seen as an IT issue; a lot of CEOs imagine that their IT department will take care of it but it just isn’t that simple anymore. Good cybersecurity policy requires the involvement of all levels of management and a commitment to educating every member of the team.

Make your organisation more secure:

  • Use strong passwords and 2-factor authentication
  • Provide cybersecurity education to your staff
  • Get professional advice on how to strengthen your company’s security
  • Make sure you have solid data backup and recovery procedures in place
  • Implement local and cloud-based cybersecurity protection

Initiating greater accountability and transparency in data management is only half of the formula for GDPR preparation. If a company suffers a serious data breach, their exposure to fines under the GDPR will only be one of their problems.

Businesses are losing millions of dollars to cyber-attacks that could have been prevented. Cybersecurity is seen as an IT issue; a lot of CEOs imagine that their IT department will take care of it but it just isn’t that simple anymore. Good cybersecurity policy requires the involvement of all levels of management and a commitment to educating every member of a team.

 

MailGuard: your cybersecurity partner


With mounting pressure on governments globally to do more to
close the gaps in cybersecurity, we will be seeing much higher standards for compliance everywhere. Forward-thinking business owners and CxO’s who move now to implement better strategies will come out ahead of the curve.

Every day, MailGuard intercepts new cyber-attacks designed to capture the valuable data held by our customers. As a leader in cybersecurity and data protection we applaud the introduction of the GDPR Scheme as an essential contribution to global cybersecurity.

MailGuard is committed to supporting you, our customers and partners, in achieving compliance with the GDPR. The security and productivity of our partner community continues to be our highest priority and we are proud to be working with you to create a more secure internet.

To get ahead of the curve on GDPR compliance, get in touch with MailGuard for an obligation-free consultation with one of our cybersecurity experts:

1300 30 44 30

info@mailguard.com.au

 

More information:


Learn more about the EU GDPR regime:


For detailed information about the incoming GDPR regulations and their ramifications for corporate cybersecurity, visit the EU’s Justice website.