The introduction of the new European General Data Protection Regulations (GDPR) has created a major upheaval in the area of IT security in general, and of Data Protection in particular.
With the introduction of the GDPR, emphasis has been placed on the accountability of company directors and officers.
The GDPR is designed to strengthen the rights to data protection of all EU citizens and set clear data protection rules for businesses and other organisations that hold an individual’s personal data. These new rules do not apply only to organisations that operate within the European Union; they apply equally to any organisation that stores or processes the personal data of any EU citizen, regardless of their geographical location.
Under the new rules, directors and other officers have a responsibility to ensure that personal data is protected, correctly secured, and properly handled. Furthermore, there is also a responsibility to record, document, investigate and report all breaches of data security, in many cases within seventy-two hours.
The new legislation applies equally to small and medium-sized enterprises and to global corporate organisations. Therefore, whether you are a one-man band or a global player, if you hold any personal data electronically, whether related to customers or to businesses that you deal with, you must comply with the new regulations.
Failure to observe these new regulations can be met with fines of up to €20 million or 4% of the corporate global annual turnover. This does not take into account any personal or corporate liability claims for negligence, loss, reputational damage or even distress.
Given the gravity of the new regulations, a business should employ the services of a specialist to help them ensure conformance. Your accounts are produced by a trained accountant, and in a similar manner, your IT security should be maintained by a trained IT professional.
Recruiting and retaining specialist security personnel is a significant challenge.
This is true, not just from a technical skills perspective, but also from a financial one.
Esix have a ready-made team of industry specialists within a broad range of security disciplines, including data protection, network infrastructure, programming and database design, remote access services, encryption, disaster recovery, virtualisation deployment, forensics and fraud investigation.
This enables our consultants to undertake new projects and “hit the ground running”, saving any organisation valuable time, and ultimately money.
As the computer industry matures and our dependence on our IT infrastructure increases, it is necessary to have a professional body to oversee the industry and ensure that fully qualified professionals can practise at a senior level. This has been true in the accounting, engineering and building industries for many years.
All our consultants have qualified as Chartered Members of the British Computer Society, which sets the “Gold Standard” of IT professionalism.