GDPR – Avoiding Loss of Personal Data

Companies in every industry sector around the globe have experienced lost, stolen or leaked sensitive internal data. This includes high-profile companies, with data loss incidents estimated at millions of dollars in direct and indirect costs, and with tremendous damage to brands and reputations.

8 September 2017: Equifax credit rating agency, recent mass data breach hack impacting UK customers of companies including BT, Capital One and British Gas.

As the General Data Protection Regulation (GDPR) approaches, can key people in your organisation confirm they know how much personal data is stored in filing cabinets, boxes, or on file servers without data encryption or other data loss prevention tools?

Has information been misfiled, lost or stolen? Can personal data be located quickly and easily, to enable your organisation to prove compliance with the new GDPR consent requirements?

If, like many companies, your organisation's personal data is stored on individual PCs and file servers, can you be sure that your IT environment is secure and has uninterruptible power supplies (UPS) in place to save data during power outages? Can you demonstrate that there are regular backups of data stored off premises in a safe location, and that robust anti-virus and malware protection software is in place and regularly updated?

If there was a breach in your organisation that led to the destruction, loss, unauthorised disclosure of, or access to someone's personal data, would your organisation be able to report the breach to the relevant supervisory authority, or to the individuals affected, to avoid hefty fines for non-compliance?

In preparation for GDPR, here is some advice to help your organisation avoid loss of personal data and fines for non-compliance.

1. Data Loss Vectors
Data loss vectors are the means by which personal information can leave your organisation without authorisation.
To comply with GDPR, put in place data loss prevention policies and procedures, and ensure everyone in your organisation is familiar with them and adheres to them, to avoid loss of data through the vectors listed below.

Email Attachments
Email attachments often contain sensitive information such as confidential customer and personal data. Emails with such an attachment might be intercepted or accidentally sent to the wrong person.

Removable Storage Devices

Putting sensitive data on removable storage devices, including CDs, DVDs, Blu-ray discs, and USB memory sticks, poses a great threat, as they can easily get lost or stolen. They typically do not have passwords, encryption, or any other protection for the data they contain.

Unencrypted Devices
Smartphones and other personal devices are often protected only with a password. Employees sometimes send sensitive company information to these devices. While the data may be encrypted while traversing the Internet to the device, it can be unencrypted when it lands on the personal device.
