Security Solutions for GDPR Compliance
By Rowan Barry
May 14, 2018
On 25th May 2018, the European Union’s General Data Protection Regulation (GDPR) takes effect. One major aspect of the Regulation is that it calls for businesses to have in place adequate security measures to protect both paper-based and electronic data.
As a business, you have no doubt been preparing for the introduction of the GDPR for some time and, in particular, for the requirement to protect personal data. Many organisations have, but in most cases the focus has been on digital security measures to safeguard against malware and hacking. The fact is that physical security is just as necessary.
It is easy to concentrate solely or mostly on cyber security with so much in the news about cyber-attacks and online data breaches. Physical security is often an afterthought when it comes to protecting data, but as research shows, it is certainly not something that should be forgotten.
Some shocking data theft statistics
The Kensington IT Security & Laptop Theft Survey revealed that over half of organisations fail to use a physical lock to protect their IT equipment. This is worrying, because it means that data storage devices such as hard drives and servers are open to theft. This means non-compliance with the GDPR if the hardware contains personal data pertaining to anyone resident in the European Union.
The Information Commissioner’s Office (ICO) recorded almost 700 data security incidents in the short period between April and June 2017. Of these, 3.5 per cent were due to data being kept in an insecure location or to the theft of the only copy of encrypted data.
In the financial sector, as many as 25 per cent of data breaches reported are attributed to lost or stolen devices.
In the healthcare sector, 32 per cent of 100,000 security incidents in 82 countries were due to the physical theft or loss of devices.
With as much as a third of businesses reporting that they do not have a physical security policy in place, perhaps these statistics are not so surprising.
A physical security plan and an accompanying policy help to protect data by safeguarding the devices on which it is stored, such as personal computers, storage drives and servers. These plans and policies are particularly important in an age of remote working and should be extended to remote workers, requiring them to adopt appropriate security precautions.
So, what steps should you take to physically protect personal data so that you are compliant with the GDPR?
Lock down portable devices
Your aim here is to prevent opportunistic theft. Some 58 per cent of laptops are stolen from offices, and 85 per cent of IT managers believe that most thefts are internal. Remember, once a portable device is stolen, the risk of the data on it being compromised increases considerably. This can lead to serious risks for the owners of the data, and to significant fines for the organisation responsible for the data breach.
Be sure to lock away all portable devices that contain data when they are not in use. Use suitable safes, such as custom-designed laptop safes, and ensure offices are protected with British Standards-approved locks that have been professionally fitted. Remember, your locks must meet certain standards in order to be insurance compliant.
Make it a policy that staff lock away their laptops and portable storage when they leave their desks to attend a meeting, take a break or go home. There is also a range of lockable laptop bags available from relevant retailers to secure devices when out and about.
Secure your premises
Blocking access to sensitive data at the point of entry to the premises is one of the best ways to prevent theft or compromise of data-containing devices and servers.
Perimeter security measures include door locks, bars, grilles and shutters; intruder alarms and motion detectors; CCTV and access control.
GDPR Compliant Security Advice
If you are looking for advice on installing security measures within your business premises that are specifically geared towards protecting sensitive data, talk to Barry Bros Security.
We are well versed in data protection law and can guide you on how to safeguard not just the data you hold, but also your reputation. Data breaches can lead to considerable problems, but you can minimise your risk by introducing simple physical security solutions.