In recent months, as you’re almost certainly aware, both British Airways and Marriott Hotels have hit the headlines due to tremendous GDPR fines – £183 million for British Airways and £99.2 million for Marriott.
The fines show that the General Data Protection Regulation has given enforcers like the UK’s Information Commissioner’s Office some substantial tools to work with. BA’s fine is almost 400 times larger than the ICO’s previous record fine – a meaningless $645,000 penalty handed to Facebook for the Cambridge Analytica scandal.
With these new penalties now being enforced, we strongly advise you to make sure you have reduced your risk of being next in the firing line.
GDPR is centered on safeguarding European Union citizens, and it applies to anyone who holds personal data on an EU citizen, wherever they are located. Marriott, a U.S. organisation, is a prime case in point.
Here are five rules we advise all businesses to follow in order to reduce the risk of an irreversible GDPR fine:
- Update daily, patch regularly. Reduce the risk of a cyber-attack by fixing issues that can be used to gain entry to your systems illegally. There is no boundary, so everything matters: patch everything you can get hold of.
- Protect confidential data that’s in the cloud. Treat the cloud like any other network you own – close unneeded ports and services, encrypt data and ensure you have proper access controls in place. And do it in all your locations.
- Limit access to private data. Lessen your exposure by collecting and retaining only the information you need, and by making sure the only people with access to it are those who need it to do their jobs. Not everyone needs access.
- Educate your business. Ensure that everyone who might come into contact with personal data knows how they need to handle it – this is a GDPR obligation. Whether they work with computers or not, everyone requires training.
- Document and prove data protection events. Be able to show that you have thought carefully about data protection and have taken sensible precautions to secure personally identifiable information.
Want to get the best solution for your business?
At CCS, we take a security-first approach to technology – ensuring our clients’ systems are best protected.
If you have any concerns or questions, or simply want to explore how to better secure your business, please do get in touch with the team for a FREE demonstration and consultation to explore how exposed your business might be and to identify actions to take.
To book a consultation or to arrange a further discussion, please get in touch.