On the 13th of June, at King Street Townhouse in Manchester, Intercity Technology hosted an event designed to introduce the world of GDPR to intrigued attendees. The event began with a quick introduction from the marketing director of Intercity Technology, Georgina Lord, who thanked Check Point for sponsoring the event, before handing the stage to Anthony Cairns.
Introducing the Importance of GDPR
As the founder of thinkfortytwo, Cairns has spent more than twenty years in IT and Telecoms, and began by telling the audience that he wasn’t a “compliance officer”, but he was there to discuss what GDPR means for the marketplace. Cairns commented that GDPR will replace the data protection act as a form of worldwide legislation for all companies that process personal data.
As the definition for what’s classed as “personal data” becomes broader, tighter rules for consent have been introduced, meaning the companies need to start thinking about appointing data protection and compliance officers as soon as possible. It’s no longer just about the future best practices for a company, but about focusing on the personal data that companies are already storing.
According to Cairns, GDPR will require “Privacy Impact Assessments”, that may need to be presented to the ICO for approval, and the ICO will need to know within 72 hours of a business becoming vulnerable to a data breach.
Anthony Cairns, founding director at thinkfortytwo said: “It was great to see how many attendees have started their GDPR journey and also how they see GDPR as a positive, driving good practice of data handling into businesses.”
Tackling GDPR
GDPR has introduced several new things for businesses to address when it comes to security, including the complex “right to be forgotten”. If you’re unable to meet with the demands that have been put in place for data protection, then the penalties are tough, at 4% of annual turnover, or 20 million in euros (depending on which is greater).
Cairns pointed out that GDPR officially comes into effect on the 25th of May 2018, so the clock is ticking, and tackling the new process means focusing on five key things:
- Confidentiality: The ability to keep data safe and prevent people from compromising data accuracy and quality through fraud
- Availability: Making sure that organisations can make changes to their data when necessary
- Technology: Accessing the right security through resilience, checksum, and encryption
- People: Giving the right people access control, and establishing business continuity plans
- Processes: Implementing careful training and policies
Cairns summarized his section by noting that businesses need to review the data and services they hold today, and the gaps between DPA and ISO 27001, before establishing a plan to start the journey to GDPR compliance. The new services you implement, may need to be “privacy by design”, which means working alongside your partners and suppliers, while using information security and technology as a differentiator in the marketplace.
Introducing Check Point Infinity
With a final reminder that the clock is ticking on GDPR, Anthony Cairns handed the stage to Kai Vaksdal, the European project manager for Check Point Software. Kai introduced the new Check Point Infinity product, the company’s latest solution to offer consolidated security features across all networks, both on the cloud, and in mobile devices.
Check Point, as a business, focuses on adhering to technical requirements, like those implemented by GDPR, and ISO 27001, continuous monitoring, and auditability. The key points that Vaksdal made, was that today’s companies need to focus on implementing the right technical measures into their environment, performing necessary risk assessments.
Check Point Infinity makes the most of open interfaces and unified threat intelligence to protect any environment against a targeted attack. Check Point uses pre-emptive threat prevention strategies to upgrade security for businesses, and block attacks before they can happen. Check Point Infinity also consolidates the management of various security layers, for greater policy efficiency.
Andrew Jackson, CEO at Intercity Technology said: “Many businesses are still unaware that GDPR is looming. However, given the new regulation signifies the biggest change to data privacy laws in decades it’s crucial that companies actively prepare for it. The size of the potential fines that the ICO can now levy could have serious – if not fatal – consequences for any organisations that falls foul. It was certainly encouraging to see the number of forward-thinking attendees at our event who are obviously taking GDPR seriously.”
The Bottom Line on GDPR and Security
According to IT experts, Gartner, 95% of security breaches might have been prevented with the correct security appliances. New solutions like Check Point allow companies to access security best practices, while remaining alert to things like errors, progress reports, and more. Check Point even have a compliance Blade which helps to validate policies, and offers a dashboard that displays a real-time compliance score regarding GDPR and other standards.
If today’s businesses are unable to encrypt their data before it leaves their organisation, they won’t be able to meet with GDPR requirements. However, if you’re only just starting to think about your data security in response to GDPR regulations, then you may have a long way to go.
Ultimately, it’s time for all businesses that handle sensitive data to start recognising the threats around them. After all, approximately 10 million attacks take place every day. What are you doing to protect your company?
