Data privacy laws changed on the 25th May 2018. Like the old Data Protection Act (DPA), the new General Data Protection Regulation (GDPR) applies to ‘personal data’. But the responsibilities being placed on companies are more far-reaching.
The GDPR is concerned with the capture, storage and use of personal information and therefore impacts directly on your IT systems. To find out more about what this new regulation means for your business network, please arrange a meeting with one of our experts.
The GDPR's more expansive definition provides for a wide range of personal identifiers to constitute personal data, reflecting changes in technology and the way organisations collect information about people. You can assume that if you hold information that falls within the scope of the DPA, it will also fall within the scope of the GDPR.
The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. Personal data that has been pseudonymised – e.g. key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.
SENSITIVE PERSONAL DATA
The GDPR refers to sensitive personal data as “special categories of personal data”. These categories are broadly the same as those in the DPA, but there are some minor changes.
For example, the special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual.
Personal data relating to criminal convictions and offences are not included, but similar extra safeguards apply to their processing.
RISK INTELLIGENCE MONITORING
One of the biggest risks a business faces is the storing of personal data in locations which are unsupervised or not regularly checked by management. Our risk intelligence scanning software identifies these risks by scanning hard drives and interrogating as many as possible of the potential locations where data could be stored.
- Scan letters, PDFs, Notepad files and emails
- Protect customer and employee data such as national insurance numbers, driving licence details – even credit card and bank details.
- Regular scanning demonstrates to the authorities your efforts to actively prevent a potential breach of GDPR rules.
FILE ACCESS MONITORING
Nowadays companies of all sizes rely on electronic documents. Some of these files are of paramount importance, as they represent the heart and soul of the business itself, and they need to be protected from accidental disclosure and theft. IS DECISIONS software monitors and shows in real time the access (or access attempts) to sensitive files and folders across a Windows File System.
This software provides a comprehensive, centralised, sortable list of access events (or access attempts) to paths you have selected, checking for:
- read, write, delete accesses
- file ownership changes
- permission modifications
- file attribute changes