GDPR: Securing your Personally Identifiable Information
Alongside our upcoming GDPR events calendar (read more here) we’re also publishing a series of blogs throughout August and September dissecting the IT security element of the General Data Protection Regulation (GDPR) with a focus on how IT security can help you to protect your business-critical data, kick-starting your journey to GDPR compliance using technology.
The May 2018 GDPR deadline is looming and it’s something that businesses holding Personally Identifiable Information (PII) must adhere to – or face hefty fines. We’re showcasing technologies that can help your business on the journey towards GDPR compliance at our events held in Newcastle, Manchester and London: GDPR & Technology Event.
Data protection sits at the heart of GDPR, which comes into effect in May 2018. Businesses must establish control over their Personally Identifiable Information (PII) and ensure its security.
What is PII?
PII is the data a company holds that can identify an individual. It is the type of information that can distinguish one person from another, including full name, email address, home address, telephone number, date of birth, IP address etc.
How do I know how much PII my company holds?
Understanding the volume and whereabouts of the PII your business holds is vital to understanding what needs to be secured or ‘the size of the beast’ so to speak… We’re offering businesses a free trial of our PII discovery tool which will help you to define exactly how much PII your business holds and where it’s stored.
Securing your Personally Identifiable Information
In order to secure your data there are a number of technologies that can be implemented, such as Sophos Safeguard. Safeguard is a tool that allows encryption across all types of devices, from the mobile device suite and cloud technologies to portable devices such as USB drives.
The lack of encryption is arguably one of the single biggest weaknesses that businesses face. Encryption is an integral part of protecting your business-critical data. In fact, encryption is referenced multiple times within the Official Journal of the European Union. Companies that ignore this and fail to adequately safeguard their PII could be deemed negligent and face substantial fines.
A key element of GDPR compliance is the ability to prove your data is secure, and this is where the console comes in. It allows you to prove your devices are encrypted should they go missing. This means that if records, documents, spreadsheets etc. are lost, you can prove to the Information Commissioner's Office (ICO) that you have the correct security measures in place to adequately protect your PII.
The console also provides rapid user reporting, so if there’s an alert or breach within your IT environment you will be alerted. For example, if a new machine is added to the network, something has been disabled on a machine, or there is any other activity that falls outside of your policy, you will automatically be made aware of this.
Manually monitoring your IT infrastructure is no longer practical due to the size, scale and range of technologies now available, so this remote monitoring is really a key feature.
Although encryption is a key element of securing your PII, there are a number of other technologies available, ranging from Sophos Endpoint and anti-Ransomware to data loss prevention and employee training and awareness. Our suite of IT security solutions doesn't just aid your GDPR compliance; it is designed to protect your business-critical data from being stolen or held to ransom by cyber criminals, a growing threat that must be addressed. IT security goes far beyond what must be adopted in order to work towards compliance: it’s protecting your business from the threats that are taking down businesses across the UK.
To find out more about the technologies available you can speak with our experts at our GDPR & Technology event.