UNDERSTAND THE IMPLICATIONS OF GDPR

Discover what General Data Protection Regulation means for your business

What is GDPR?

From May 2018 the UK Data Protection Act 1998 will be replaced by the EU General Data Protection Regulation (GDPR). GDPR aims to give EU citizens greater protection over their personal data, which can be anything from a name, an email address, bank details or a photograph to a computer IP address; to reshape the way businesses approach data privacy; and to align data privacy laws across Europe.

What does this mean for your business?

Have you got the appropriate protection in place?

The enforcement date of GDPR is 25th May 2018 and those businesses found to be non-compliant after this date may face heavy fines in the event of a breach.

Has your business taken all steps to minimise its exposure to punitive action?

The geographical scope now includes the data of all EU citizens irrespective of where the data is processed, and the maximum fine for a breach could be 20 million Euros or up to 4% of annual global turnover.

If you have a data breach you must report it within 72 hours of discovery to the Information Commissioner’s Office (ICO) and notify those data subjects affected ‘without undue delay’ after becoming aware of the data breach. If you can’t identify what’s been breached then you will have to notify all data subjects, significantly increasing the cost of breach remediation.

Do you know how personal data is being protected by third parties?

If you have contracts and arrangements with third parties who process personal data on your behalf, which could include CRM providers, payroll bureaus, pension companies, health cover suppliers and insurance companies, you will remain accountable for the protection of this data and you are responsible for determining if the third party will protect the data appropriately. This will require you to carry out a risk assessment on every supplier you share personal data with.

Do you have the appropriate consent?

The changes mean that conditions for consent must be clear and data subjects have the right to request information from the Data Controller of any organisation as to whether or not their information is being processed, how it’s being processed and for what purpose. They have the right to request their information be erased and to stop further dissemination of their personal data.

How can Corvid help?

1. Identify and manage the risks

Start at the beginning and get your house in order. Understand where your risks lie and take action.

Corvid provides consultancy services that support a business in identifying its data protection risks, defining an effective management strategy and writing proportionate compliance policies. A well planned and executed information risk strategy can greatly reduce a business’s exposure to potential legal action and liability in the event of a data compromise.

2. Prevent breach and minimise your vulnerabilities

Demonstrate due diligence. Strive for zero vulnerabilities.

The first step in preventing a breach is to identify and remove the vulnerabilities that attackers exploit. Corvid’s VARIS Vulnerability Scanning service achieves this through routine scanning across your IT estate, identifying security flaws and providing guidance on managing and mitigating the issues highlighted. In the event of a data breach, the VARIS service provides the necessary evidence that due diligence has been followed and that no known vulnerabilities existed.

VARIS ensures minimum impact for the future. Make yourself a hard target.

Running regular vulnerability scans ensures your internal systems are hardened, so that if a breach occurs the attacker will struggle to move laterally within your IT environment and extract additional sensitive information from their initial compromise point.


PERNIX is your first line of defence against the biggest risk of data loss. Don’t place the blame on ‘user error’.

Phishing and spear-phishing email attacks have become one of the primary forms of compromise, and are increasingly difficult to identify. Corvid’s PERNIX Email Protection service removes the onus from the user to act as the first line of defence by removing malicious content and inspecting potentially fraudulent links, drastically reducing the risk of data loss.


Be prepared and don’t rely on luck. Securing your IT estate is fundamental to compliance.

Corvid’s CORAX Internet Security service gives protection from attacks and malicious content delivered through internet activity. It protects routine web browsing and prevents malware from beaconing back out through the internet to the attacker, both of which pose a significant risk to the compromise of data.


Our WAARDEN Network Defence service provides advanced network protection and detection services through detailed network analytics, preventing attacks designed to evade corporate firewalls and anti-virus.


3. Minimise the impact and stay in control

The longer the breach remains, the greater the damage. Time is money.

Minimising the impact of a breach can drastically reduce reputational and financial damage, and reducing the dwell time of an attack before it is discovered is critical to keeping the damage to an absolute minimum. Corvid’s PICA Malware Hunting service conducts proactive malware hunting as standard, aiming to reduce the dwell time of an attack to less than 24 hours, compared with reported industry figures of well over 100 days.


You have to know the facts. Not knowing can be disastrous.

In the event of a breach, Corvid’s FENIX Incident Response service ensures a return to business as usual and provides forensic-level investigation to establish what information was accessed, how it was accessed and when. This information is critical in minimising reputational damage by ensuring management is fully briefed and knows the facts. Access to this level of detail avoids the need for blanket notification broadcasts and validates the need for GDPR disclosure, enabling accurate and informed communication with the affected data subjects and business customers.


Talk to us about GDPR

Want to talk about GDPR and how Corvid’s services can help you comply? Contact us using the form below or call +44 1242 278 787.