GDPR computing can help achieve strong data security through enterprise-grade tools and measures, and preventing inappropriate access to data and information
Category archives: Published Article
JOSEPH BLASS, chief executive officer of IT and telephony provider WORKPLACELIVE, urges charities to address IT security issues such as ransomware.
With the onset of GDPR (General Data Protection Regulation) in May 2018, data protection requirements will become more stringent. The responsibilities placed on an organisation relating to the data it holds will be two-fold:
•As a data controller (where the organisation enters and maintains personal data), the organisation must comply with rules concerning consent, access and transfer-ability
•As a data processor [where the organisation holds data on its own servers] it must follow regulation by ensuring high level cyber security, physical hardware security, strict backup regimes, firewalls and auditing. For example, a data processor is responsible for monitoring the access to the physical equipment on which the data sits, and the route the data takes to be processed. A good way of doing this is to produce an access control policy, which clearly sets out roles and rights of staff members, only allowing staff with sufficient rights the ability to access system.
What’s an organisation to do?