What is GDPR? - Becrypt

#BeGDPRready


Preparing for GDPR:

Finance

Preparation for the upcoming legislation is critical

What is GDPR?

General Data Protection Regulation (GDPR) redefines how organisations can collect, process and store data.

Fines of up to €20 million or 4% of global turnover

72 hours to report a data breach

Key changes organisations need to make:

- Implement appropriate IT security controls
- Appoint a Data Protection Officer (DPO)
- Obtain consumer consent

What does GDPR mean for the Financial Sector? Figures from the Finance Sector in the UK:

- 65% of consumers think that data privacy and security are extremely significant factors when choosing a bank [2]
- 183% increase in reported data breaches within the financial sector over 2 years [4]
- 83% of UK banks retain customer information after they no longer have any affiliation [5]
- 71% of banks do not have a balanced security strategy or strong data privacy practice [3]
- 74% of consumers said that they would switch banks in the event of a data breach [1]
- £1.46m cost of a data breach in the UK [6]

5 steps to consider when planning for GDPR

1. Management are Key

Getting GDPR ready is not a job just for IT Managers. Anyone who comes into contact with PII (Personally Identifiable Information) needs to be aware of GDPR and how to be compliant. Getting the Management Team on board to encourage this throughout the organisation is critical.

2. Data Audit & Gap Analysis

Perform a data audit to check exactly what data has been collected, how it is used, whether it is sent anywhere else, where it is stored and who has access. A gap analysis against these findings then shows what is missing and what is needed.

3. Consumer Consent

Under GDPR it is imperative that customer consent for obtaining data is clearly expressed. Consent for sensitive personal data must be explicit under the regulation, and consent for children (under the age of 16) must come from parents. Neglecting to do this is likely to result in the highest of fines.

4. Solution Research

Encryption is named in the legislation as an appropriate technical measure to protect an organisation's data. Data protection solutions can be an easy step towards becoming GDPR compliant, but do your research to ensure you get the right solution for your organisation's needs.

5. Implement & Train

If your organisation reaches the threshold, you will need to appoint a Data Protection Officer (DPO). Any staff handling personal data will need to know how to comply with GDPR and the consequences of ignoring it. Make sure your team are aware, informed and enabled to abide by the GDPR legislation.

For more information on how Becrypt can help you in the first steps towards GDPR compliance, get in touch:

[email protected] 0845 838 2080

Sources:

[1] Capgemini, https://www.uk.capgemini.com/news/news/just-one-in-five-banks-and-insurers-confident-they-could-detect-a-cybersecurity-breach, 2017.
[2] Info Security, https://www.infosecurity-magazine.com/news/banks-show-a-woeful-lack-of-data/, 2017.
[3] Capgemini, https://www.uk.capgemini.com/news/news/just-one-in-five-banks-and-insurers-confident-they-could-detect-a-cybersecurity-breach, 2017.
[4] Computer Weekly, http://www.computerweekly.com/news/4500247427/Financial-sector-data-protection-breaches-up-183-in-past-two-years, 2015.
[5] IT Pro, http://www.itpro.co.uk/security/28030/data-breach-news-most-uk-banks-dont-believe-they-can-detect-a-data-breach, 2017.
[6] PwC Government Research Report, https://www.pwc.co.uk/assets/pdf/2015-isbs-technical-report-blue-digital.pdf, 2015.
[7] IT Pro, http://www.itpro.co.uk/security/28030/data-breach-news-most-uk-banks-dont-believe-they-can-detect-a-data-breach, 2017.
[8] Finextra, https://www.finextra.com/blogs/fullblog.aspx?blogid=11779, 2015.