IKEA’s TaskRabbit breach means new passwords
Posted By: ITWiser Webmaster - Yorkshire's IT Specialists
GENERAL ISSUES
SPECIFIC ISSUES - FREQUENTLY ENCOUNTERED EXCUSES - THE DENIAL CONCEPT
The following statements are those most frequently made when raising GDPR with businesses and other affected organisations. Hopefully our comments on each will be helpful.
-> “it doesn't apply to me”
If personal data is held or passed on to others, it does, as every business or organisation will automatically come under the jurisdiction of the ICO and be caught by the new rules.
-> “I'll not get caught out”
This is a risky approach, with the ICO able to inspect at random. Also, anyone could complain to the ICO at any time. You are also at higher risk of being attacked and exposed if your IT security falls short of the standard.
-> “I'll pay the fines it's cheaper”
The cost of compliance will be different in every case, as it depends on the competence of existing systems and what is required to make them compliant. At 2-4% of global turnover, fines are aimed at being a disincentive to ignoring the rules.
-> “I have someone that looks after my IT who'll sort it out.”
Most businesses have, but only a very small percentage of those tested are compliant, and an increasing number are suffering cyber attacks. Only a small number of IT companies can provide the necessary security standard certification, so it is recommended that you check they can sort it out. As a user, you generally only know whether your IT system is doing what you require of it, so you are often not aware of the level of security built in.
GDPR IN CONTEXT
Whilst emails and documents may be created, it is important that, when they are sent and stored, they remain available only to those for whom they are intended. In their raw form, and without security to the required standard, sending an email is like posting a letter without an envelope, and storing a document is like leaving it on your desk in a building that’s never locked. When this is your personal data you have a right to be concerned, which is the reason GDPR exists.
HELP AVAILABLE
ITWiser is authorised through the Information Assurance for SMEs consortium (IASME) for this purpose. IASME is also currently the only Accreditation Body to have a process agreed by GCHQ that can issue a 'GDPR ready certificate', which follows on from the Cyber Essentials certification. Contact us through any of the contact points for more detail on either or both of the Cyber Essentials and GDPR ready certifications.