The Law is clear ...
The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (UK GDPR post-Brexit). Everyone responsible for using personal data has to follow strict rules to make sure the information is:
- Used fairly, lawfully and transparently.
- Used for specified, explicit purposes.
- Used in a way that is adequate, relevant and limited to only what is necessary.
- Accurate and, where necessary, kept up to date.
- Kept for no longer than is necessary.
- Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.
How to ensure compliance.
There are a number of actions businesses need to take:
- Encrypt all hard disks, particularly for any mobile devices or laptops.
- Carefully separate guest and business networks and WiFi, to keep any personal data secure.
- Use only secure encrypted methods for sending personal data.
- Enforce the use of strong passwords and password management to protect access to data.
- Ensure that all PC’s, laptops, hand-held devices and network equipment are updated regularly to maintain security.
- Ensure all care is taken to prevent unauthorised access to data (e.g. hacking and phishing).
- Implement data protection, GDPR and IT security training for all staff.
- Implement robust business processes to double-check and support all of the above.
- Keep an up to date audit of hardware, software and data storage.
As a statutory requirement, there’s no avoiding your responsibilities under Data Protection and GDPR but a partner such as Magikos IT can help steer you through the legislation and ensure that your data remains SECURE!
For Further Information or advice, please contact the Magikos IT Team or fill in the form below and we will contact you.
Tel: 01344 204019
Email: info@magikos.co.uk