As a Cyber Essentials certified company, Kingsfield works with leading vendors to give you the right package around all your solutions and compliance. For example, we can provide and build an advanced security operations centre to revitalise your governance.
How Compliant Is Your Organisation?
GDPR isn’t something you want, it’s something you have to have in your organisation to take control of your data risks, and there’s no way around it. Those risks may stem from external cyber threats, identity and access management challenges, online fraud, compliance pressure or any number of other business and technology issues.
It sets out the measures organisations must take to protect personal data belonging to residents of the EU, which also gives you the opportunity to protect sensitive data in your organisation, fight online fraud, and detect the most covert cyber threats lurking on your networks. The new regulations came into force in 2018, so you need to start preparing now!
How Can Kingsfield Support Your Organisation?
GDPR highlights the need to protect and empower all EU citizens’ data privacy and to reshape the way organisations across the region approach data privacy. For example, organisations must be able to demonstrate compliance through appropriate governance measures. These measures include but are not limited to:
Understanding what personal data an organisation handles and where this data resides.
Firms will only have to deal with a single supervisory authority
Performing risk assessments to remove exposure to accidental or unlawful loss of data
Implementing various technical and organisational controls to protect personal data
Appointing a chief data protection officer charged with overseeing GDPR compliance
A risk-based approach must be adopted before undertaking higher-risk data processing activities
Processors can be held liable for data breaches, resulting in fines
Data controllers must report data breaches to their data protection authority
Notice must be given within 72 hours of the data controller becoming aware of the breach
Article 35 of the GDPR states that data protection officers must be appointed for all public authorities
GDPR defines the rights of individuals to protect their personal data. These rights include informed consent, access, correction, the right to be forgotten and data portability.
GDPR And The Environment
Data disposal is a major part of the GDPR. Kingsfield are proud to offer a secure, GDPR compliant national collection service for all your redundant IT assets. Utilising an ADISA certified collection partner, we ensure complete data security for your peace of mind, as well as offering the most generous rebates on the market for your redundant machines. For example, we provide full custody transfer with documentation, security-checked service representatives, online account access, protection of your data, data erasure and disposal, and destruction of your data.
In the UK, 51% of confidential data is stored on flash drives. If a flash drive is lost or stolen, that confidential data is at risk of falling into the wrong hands. There is an obligation to report this incident to the data protection officer. However, without a proper paper trail showing that the data was encrypted, a fine can still follow.
Kingsfield are able to help provide a Safe Console that enables you to access, lock and remove data without incurring a fine. It’s the perfect paper trail, with no hassle or installation. Kingsfield are there to help.
Minimising access to only those with a legitimate need to access personal data is another key part of GDPR. For example, strong passwords and authentication are needed to prevent unauthorised access to sensitive resources, which could otherwise be used to perpetrate a full-blown breach. Furthermore, access policy management serves a vital function: protecting user identities and ensuring data is only accessed for legitimate purposes.
This enables the documentation and control of user transactions to ensure they are role appropriate. Lastly, evolving business needs around mobile devices and cloud applications create new access control considerations, such as protecting data while accommodating access by employees, customers and partners.
Proactive alerting and visibility into how your network is performing and the threats affecting it can minimise network issues. Kingsfield can help provide a monitoring system so you know there’s a problem before it’s even happened. This works by monitoring systems; learning KPIs, patterns and human behaviour; alerting you when these patterns are broken; and predicting future issues.
The recent revenue from cyber-crime, not to mention its potential for state-sponsored terrorism, ensures a level of resource and innovation that can be hard for any individual company, or even a national government, to match in the evolving threat landscape. Part of the problem comes from the way cyber security has evolved. For example, on the discovery of each new attack, another security solution needs to be implemented. This is not only hard to manage, but can easily lead to gaps and inconsistencies in the response to new threats.
The adoption of trends such as mobility, cloud computing and the Internet of Things all expand the effective attack surface, exposing new vulnerabilities and eroding the traditional concept of a network border. Any solution worthy of the term ‘state of the art’ will not only need to overcome the above challenges, but continually adapt to changes in the usage of technology in the evolving threat landscape.
To reduce exposure to the potentially crippling implications of a serious data breach, it is necessary to minimise both the number of network intrusions and their time to detection. Kingsfield can offer multiple products that cover all key components of the security infrastructure, for example anti-virus, hardware and software, applications, access management and much more.
What To Do When A Breach Occurs
The first challenge to the GDPR’s breach notification requirement is to detect when a qualifying breach has taken place and determine which assets might be at risk. Almost by definition, any successful external security breach must have either evaded detection entirely or was not detected quickly enough. This means it either exploited an attack mechanism unlike any previously encountered, or the flags that it did raise were missed. In 2016, the average time taken for an organisation to become aware of a typical breach was almost five months! Fortunately, the GDPR 72-hour notification window opens at the moment of detection, not the moment of intrusion. Since it is clearly impossible to detect the undetectable, security administrators should accept and prepare for the inevitable, occasional intrusion, while striving to minimise such occurrences and hasten their detection through every means possible. As previously noted, the GDPR does not require notification for all security breaches, only those that present a risk to the rights of individuals.
In the event of a breach, please contact Kingsfield: we work proactively with organisations to ensure the situation is handled effectively and immediately. A strategy will be defined, and the appropriate technology around that strategy will ensure that proper incident management procedures are followed, the right stakeholders are alerted and actively involved, documentation is captured throughout the investigation, and remediation processes are followed to ensure proper post-mortem reporting. Remember, the full process of identifying, reporting and resolving the breach must be completed within 72 hours.
Organisations found in breach of the regulations can expect administrative fines of up to 4% of annual global turnover or £20 million, which can lead to business insolvency, reputational damage and customer loss. Regulatory action can also result in senior executives facing fines or even imprisonment for negligence and legal non-compliance.
Yes, they are vital to the controller and processor relationship as it binds both parties to the agreed terms.
They must only be appointed in the case of public authorities, organisations that engage in large-scale monitoring, or organisations that process sensitive data. However, it is still encouraged even if you do not fall into these categories.
No, as cookie tracking and IP addresses are classed as non-personally identifiable information.
Yes, as it’s all identifiable information.
Yes, even though the UK will be leaving the EU, the new regulation will still come into force to protect everyone’s data.