GDPR

Comprehensive or partial preparation for GDPR

GETTING READY FOR GDPR! WHAT IS GDPR?

The GDPR (General Data Protection Regulation) is Regulation (EU) 2016/679 of the European Parliament and of the Council, which is mandatory from 25 May 2018 for any organization that manages, processes, transmits or stores the personal data of European citizens, whether they are customers, partners or co-workers.

The Regulation contains more complex and stricter rules than the pre-GDPR legislation, but since the Hungarian Infotainment Act has been one of the strictest regulations in the EU, it may not be a big change for those who already complied with it.

However, GDPR draws attention with its significant penalties: in the event of a breach of the rules, the fine may reach 2 to 4% of the organization's annual revenue, which means that fines for serious violations can reach millions of euros.

HOW TO START?

The very first thing we need to figure out is what data assets we have. Who can and who could access this data? Which employees have the authority? What guarantees that your customers' information cannot be disclosed to a third party? How is the data stored? Which security levels have been built into the system to prevent data leakage? What happens in the event of data loss or a data leak? Where and for how long is the data stored? As we can see, these are quite complex issues, and these are just a few of the questions we need to answer in order to get a good picture of how the areas covered by GDPR can be adequately addressed.

ARE WE CONSIDERING AN ALL-AROUND AUDIT?

When the all-around audit is done with proper thoroughness, it requires business process management, legal and IT expertise at the same time, so if a complete solution is needed, SERCO IT & Services will take the lead with the involvement of a dedicated external expert partner. Of course, we can work with any consultant, but if you have not chosen a suitable partner yourself, we can also offer you an experienced partner, and more importantly one with the right methodology, who can develop an action plan after a comprehensive audit that brings your business in line with GDPR requirements.

WHAT IS THE RELATIONSHIP BETWEEN GDPR, IT AND SERCO IT & SERVICES?

SERCO IT & Services can rely on its own competencies and premium manufacturer support to provide IT audits on its own; if previous audits or other action plans already exist, SERCO is ready to cover the IT-related tasks and challenges with the services in its portfolio.

USUALLY WE FIND PROBLEMS IN THE FOLLOWING TOPICS:

ERP / CRM SYSTEM RELATED PROPOSALS

It is a basic expectation that personal data, orders and documents are stored in these systems. These systems are tailored to the needs of users and are able to meet the requirements of GDPR, but it is important to mention that the existence of these systems does not automatically mean GDPR compliance. Rules, access rights, authorization levels, etc. may often require fine-tuning or a complete redesign for success.

OBSERVATIONS ON THE IT INFRASTRUCTURE:

The right IT infrastructure is a critical point in achieving GDPR compliance. Performance, operational security, change management, password protection and remote access all greatly affect how we can meet the regulatory requirements. Our experience is that the existing systems in this area must or should be optimized or expanded.

GENERAL IT SECURITY ISSUES:

It is important that we also speak about the network devices that serve our systems. All of these tools ensure that everyone gets the information needed for their work, but only the assigned people have access to the data. As we know, there is no 100% protection, but the proper configuration of these devices ensures that the data is protected first of all against external intrusion, and that professionals become aware of such an attempt in time. It is also important to mention the protection of passwords. We know from experience that a large number of companies do not pay enough attention to these.

LACK OR MISUSE OF BACKUP AND ARCHIVING SYSTEMS:

Backup and archiving is an area that, if not handled properly, can result in partial or total loss of data. Whether you store data on your own devices, in the cloud, or in a combination of these, the right backup is essential to keep the data secure and to keep your business running smoothly. The past years have shown that there are no "big companies" in Hungary that are prepared for every kind of attack. There are at least 4 top companies known to IT professionals that did not have the necessary skills, so after an attack, due to the lack of backups and preparation, their operations broke down completely for several days.

PROBLEMS WITH DELETING AND DISPOSING OF DATA:

Deleting data is an area where organizations usually do not take enough care. Take, for example, an obsolete server that stores the data of more than 10,000 customers. When the server is replaced, the IT colleague deletes the personal data stored on the server after migration, formats the hard drive, and then, as usual, the company sells the server. This is a common practice; however, it does not guarantee that the data on the hard disk cannot be restored by a competent person with the appropriate program. The deletion recommended by SERCO IT & Services is reliable enough to meet the strict rating systems of NATO, the NSA and the FBI. Data deletion, sanitization and physical destruction, all resulting in unrecoverable data, are credibly documented.
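As an added illustration of the point above (example code written for this page, not SERCO IT & Services' tooling), a toy disk simulation in which a quick format clears only the allocation table: a raw byte scan still finds the customer record until the data area is actually overwritten, and the same scan doubles as the verification step after a wipe. The disk layout, the record format and the `demo` helper are all constructed for the example.

```python
"""Toy model of why a quick format is not data sanitization (constructed example)."""
import os

DISK_SIZE = 4096
TABLE_SIZE = 64  # constructed layout: first 64 bytes act as the "allocation table"


def new_disk() -> bytearray:
    return bytearray(DISK_SIZE)


def write_record(disk: bytearray, offset: int, record: bytes) -> None:
    """Store a record in the data area and note offset:length in the table."""
    disk[offset:offset + len(record)] = record
    entry = f"{offset}:{len(record)};".encode()
    table = bytes(disk[:TABLE_SIZE]).rstrip(b"\x00") + entry
    disk[:TABLE_SIZE] = table.ljust(TABLE_SIZE, b"\x00")


def list_records(disk: bytearray) -> list:
    """What the file system 'sees': only the allocation table entries."""
    table = bytes(disk[:TABLE_SIZE]).rstrip(b"\x00").decode()
    return [tuple(map(int, e.split(":"))) for e in table.split(";") if e]


def quick_format(disk: bytearray) -> None:
    """A quick format forgets where the files are but keeps their bytes."""
    disk[:TABLE_SIZE] = bytes(TABLE_SIZE)


def sanitize(disk: bytearray, passes: int = 1) -> None:
    """Overwrite the whole medium with random data, then zero it."""
    for _ in range(passes):
        disk[:] = os.urandom(DISK_SIZE)
    disk[:] = bytes(DISK_SIZE)


def raw_scan(disk: bytearray, needle: bytes) -> bool:
    """Stand-in for a recovery tool, or for a post-wipe verification scan."""
    return bytes(disk).find(needle) != -1


def demo() -> dict:
    disk = new_disk()
    customer = b"customer_id=10001;name=Jane Example;email=jane@example.test"  # constructed
    write_record(disk, 512, customer)
    quick_format(disk)
    after_format = raw_scan(disk, b"jane@example.test")    # True: bytes survive the format
    sanitize(disk)
    after_wipe = raw_scan(disk, b"jane@example.test")      # False: overwrite removed them
    return {"table_after_format": list_records(disk),
            "recoverable_after_format": after_format,
            "recoverable_after_sanitize": after_wipe}
```

On real flash media (SSDs, NVMe) a user-space overwrite does not reach every cell because of wear levelling and over-provisioning, so the drive's built-in secure-erase command or physical destruction is needed, and the result should still be verified by a raw read before the hardware leaves the organization.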