How to Ensure Your IT Systems are GDPR Compliant
07th May 2021

The General Data Protection Regulation (GDPR) replaced the Data Protection Act in 2018. Its core objective was to give individuals enhanced privacy through a set of new rights.

The implications for businesses were fairly far-reaching, with various changes needing to be implemented across data collection and storage processes, as well as marketing practices.

In short, businesses had to ensure that any information stored on individuals was readily accessible, that the reason for collecting and retaining it was viable, and that data would not be retained for any longer than was completely necessary.

What data does the GDPR cover?

The GDPR covers all the data any organisation stores. As well as physical records, this means data kept on servers, in the cloud, on individual PCs, on portable media and on mobile devices.

Keeping such data safe suddenly became a hundred times more important when the GDPR was introduced, as did being able to demonstrate evidence of the data security measures and processes put in place to mitigate the risk of data breaches.

Any breach must be reported within 72 hours to the Information Commissioner’s Office (ICO). Businesses that fall short of compliance face fines of €20 million or 4 per cent of annual global turnover, whichever is higher.

What are businesses responsible for in terms of GDPR and IT?

It is the responsibility of individual companies to ensure sufficient cyber security measures are in place to reduce the risk of a data breach. Your aim is to reach a level of confidence that you have done all you can to install adequate security measures, to educate staff and to prevent and contain breaches.

The following is a quick-check summary of the typical measures you should be adopting in order to keep your information technology secure and GDPR compliant:

  1. Understand what cyber security is and how it works.
  2. Ensure you have appropriate, up-to-date antivirus and firewall software installed across all devices, including homeworker devices.
  3. Be sure to install all available software and security updates; enable automatic updates so there is no room for error.
  4. Implement a strict password policy within your organisation, including a ban on password sharing, and make use of a secure password generator and vault.
  5. Use a tiered system to set restrictions as to who can access and share certain information on your systems, so that you have better control and a clearer audit trail.
  6. Immediately change passwords and reset system permissions when a member of staff leaves. Be sure to reset building access codes too, or change locks as appropriate.
  7. Encrypt any sensitive information, particularly on portable devices and when sent via email.
  8. Run regular online backups so that you have access to a recent copy of your data should an incident occur.
  9. When deleting data once the retention period is over, make certain that it is completely erased from all hardware as well as cloud storage.
  10. If you are using a cloud-based storage and backup system, ask the provider to furnish you with their own GDPR policy so that you can do your due diligence and ensure they are as compliant as you are.
  11. Train staff to ensure they are fully aware of data breach and cyber security risks. Be sure to include training on every new staff induction, and include regular refresher training to keep everyone up to date.
  12. Take care when sending emails that only the necessary information is being shared, and with the right recipient.
  13. Keep up to date with and share details of all the latest phishing scams so that everyone is aware of the current risks.
  14. Pay attention to physical security measures such as CCTV and access control, which are just as important for protecting data as cyber security measures.
  15. Make sure that your IT support company is GDPR compliant and that they sign an agreement with you concerning data access.

GDPR compliant IT support from PC Docs

At PC Docs, we offer a comprehensive package of GDPR compliant IT support services, together with a range of cyber security solutions, all of which can be tailored to suit your individual business needs.

To discover how we can help protect your business against costly data breaches, and for a copy of our GDPR compliance policy, you are welcome to get in touch.
