22 January 2018
The new General Data Protection Regulation (GDPR) promises to be the biggest change in corporate information security since the original Data Protection Act 1998 came into force. Under GDPR, businesses have new responsibilities when handling personal data – and face huge penalties for breaches.
Most corporate data is now held digitally, so the responsibility for implementing GDPR safeguards has (in most organisations) fallen to the IT department. Importantly, GDPR affects every item of personal data – including those details held in hard copy paper files – so everyone has a role to play in safeguarding information, not just IT.
Data protection has become ever more critical as organisations worldwide recognise that data, and the analysis of it, is essential to how they operate.
Because the penalties for breaching GDPR are so stiff – up to €20m or 4% of global turnover – businesses need to provide a basic level of training for every employee, helping them to understand their responsibilities. It also makes sense to train GDPR practitioners who can draw up internal processes and procedures, and help to share knowledge with the rest of the business.
These GDPR practitioners will need to carry out urgent data audits so that they know what personal information the business holds, which systems that information is hosted in, and where the data physically resides. Importantly, GDPR also covers archive data held in cold storage, including legacy backup tapes. These will need to be catalogued, indexed and made available for access requests from the individuals to whom that data belongs.
This also means that legacy hardware and drives used to access archive information will need to be brought back into service so that “right to be forgotten” requests can be honoured. GDPR practitioners may use this audit opportunity to securely delete data that is being held in cold storage and is no longer required; continuing to retain such data is itself a breach of the regulation.
GDPR practitioners are typically involved with existing assets, but by implementing GDPR-compliant design at the software development stage, your business can ensure data is protected at the point of capture too.
By completing the GDPR for IT & Software Professionals Training course, developers will not only understand the new rules governing the data being collected and stored, but the mechanisms by which it can legally be gathered. This knowledge will also be crucial to building more secure systems and applications that better protect data belonging to individuals.
Developers may also find that they need to reverse engineer existing applications to facilitate requests to delete data. Traditional database systems are typically focused on the process of capturing and sharing data with other in-house applications. GDPR demands that data can also be removed from all of these linked systems within a “reasonable timeframe” (thought to be 30 days).
Finally, the IT team will need to draw up a procedure for identifying, assessing, reporting and mitigating data breaches. In an era when cybercrime and cyberattacks occur ever more frequently, these plans will be vital to protecting individuals in the aftermath of a breach.
GDPR will undoubtedly have a massive impact on your business – and your IT team is on the front line. To learn more about GDPR preparations and how to ensure your IT team are ready to face the challenge, please give us a call to discuss our GDPR training courses.
It's important not to let the new regulation prevent your business from diving deeper into the realm of big data, including data analytics and data science. Data is still the most powerful tool any company can have.
We help companies better understand and analyse data by offering onsite analytics courses such as Python for data analysis and Python data science.