01732 759725
24
Countdown to GDPR
Preparing customers
for GDPR
From May 2018, it will become a crime
to lose unprotected data, making
it time-critical for resellers to help
customers review their equipment and
end-user behaviours to ensure they
comply with the General Data Protection
Regulation (GDPR).
With the global cost of cybercrime
estimated to reach six trillion dollars
by 2021, the safe storage of personal
information and secure destruction of
confidential data should already be
important in every business. This new data
legislation makes the issue integral to
any organisation that handles EU citizens'
data.
From May 2018, the loss or theft of
data may lead to a fine of up to 20 million
euros (£17m) or 4% of annual global
revenue, whichever is greater.
The GDPR will determine how
businesses manage, protect and
administer data. All organisations should
set up procedures for data processing
activities and ensure all IT systems are
robust. Anyone with responsibility for data
will be expected to handle that data in line
with the GDPR.
Under the GDPR, personal data
includes any data that can be used to
identify an individual. This includes genetic,
mental, cultural, economic or social
information, alongside that traditionally
considered to be identifying information.
Ivana Laskodyova, HP Product Manager,
VOW said: "Key steps that companies
should be taking are to identify the data
that they want to protect and in what form;
to establish where the data resides; and to
understand the ‘value’ of this data if it were
to be accessed by a non-approved party."
End user behaviour
End user awareness and training is a vital
element in helping organisations prepare.
End users will need to think about
their use of devices, how they store data
and how they handle any paperwork
containing personal data. It will be critical
that paperwork is not left lying around the
workplace or on machines, particularly
in large offices where multiple users
print on one or two devices.
Printer security
Networked printers help streamline
business processes and increase
productivity, but also leave a fleet
vulnerable to attack. If a printer fleet
is connected to a network, it should
be protected in the same way as PCs and
other network endpoints.
HP advises that cyber security must be
multi-layered, operating at network, device
and user level, with multiple defences
on each. Detect and respond should be
favoured over protect and defend.
Six steps to securing endpoints are:
1
To audit all authorised and unauthorised
devices with access to personal data;
2
To invest in new more secure devices, if
necessary;
3
To implement remote access and
erasure rights for company data on devices;
4
To implement a regular scan and
security software update policy;
5
To implement real-time detect and
response software. Solutions could include
HP Biosphere or SureStart for PC and print;
6
To train employees in cyber security.
HP products offer solutions that can
help mitigate the risk of data loss when
using printers and PCs. These include
HP Enterprise printers, which can detect,
protect and even self-heal attacks,
automatically and in real time; and HP
JetAdvantage Security Manager, which
enables the customer to set security
configuration policies and automatically
validate settings for every HP printer in a
fleet.
Storage devices
VOW Technology Product Manager Claire
Cully said: "Tech resellers should be
promoting products that offer additional
security measures, such as encrypted
USB and SSD devices. Encrypted Memory
devices significantly reduce the risk of a
data breach. By storing sensitive data on
From May 2018,
the loss or theft
of data may
lead to a fine of
up to 20 million
euros (£17m)
or 4% of annual
global revenue,
whichever is
greater.
VOW explains how technology resellers can help customers secure
corporate and customer data prior to the GDPR deadline and the UK’s
new Data Protection Bill
hardware-encrypted USB drives and SSDs,
customers can minimise the risk of their
data being stolen or illegally accessed.
"The GDPR says organisations may
not be required to report a data breach
to the individual concerned if they can
demonstrate that they have ‘implemented
appropriate technological protection
measures’. This means that if measures
have been taken to protect lost or stolen
data via an encrypted device, it may not
have to be reported and so the business
may avoid potential administrative costs,
fines and reputation damage."
Hardware encrypted storage solutions
from Integral Memory will safeguard
customers’ data with high strength,
military-grade security features. Product
solutions include secure flash drives such
as the Integral 256-bit AES Hardware
Encrypted USB range.
SafeXS Protector USB flash drives
protect sensitive data from unauthorised
access and accidental loss, with built-in
encrypted backup, secure file sharing
and computer protection features. These
include auto-destruct settings to delete
data beyond a specified date; the option
of read-only access to prevent malware
infections; and data deletion after 10
failed password attempts to thwart
password-guessing attacks.
For support in preparing customers for
GDPR, please contact your VOW account
manager or call VOW on
0844 980 8000
.
