GDPR are issuing some nasty fines, Avoid them.

In recent months as you’re almost certainly aware of, both British Airways & Marriott Hotels have hit the headlines due to immense GDPR fines – £183 million for British Airways and £99.2 million for Marriott.

The fines show that the General Data Protection Regulation, has given enforcers like the UK’s Information Commissioner’s Office, some major tools to play with. BA’s fine is almost 400 times larger than the ICO’s previous record fine – a worthless $645,000 penalty handed to Facebook for the Cambridge Analytica scandal.

With these new fines in strong action, we very much recommend you make sure you’ve diminished your risk of being next in the firing line.

GDPR is concentrated on protecting European Union citizens and it applies to anyone who holds personal data on an EU citizen, wherever you are located. Marriott, a U.S. organisation, is a prime case in point.

Here are five best rules we recommend all businesses stick to, in order to minimise the risk of a destroying GDPR fine:

  1. Patch daily, patch frequently. Reduce the risk of a cyber-attack by fixing issues that can be used to gain entry to your systems unlawfully. There is no perimeter, so everything matters: patch everything you can get hold of.
  2. Safeguard personal data that’s in the cloud. Treat the cloud like any other computer you own – close un-needed ports and services, encrypt data and ensure you have proper access controls in place. And do it on all your locations, including QA and development.
  3. Decrease access to personal data. Reduce your exposure by collecting and retaining only the information you need and making sure only people with access to it are the people who need it to do their jobs. Not everyone needs access.
  4. Educate your business. Ensure that everyone who might come in to contact with personal data knows how they need to handle it – this is a GDPR requirement. Whether they’re involved with computers or not, everyone requires educating.
  5. Document and prove data protection activities. Be able to show that you have thought about data protection deeply and have taken sensible precautions to secure personally identifiable information.

We are Dromaeus

From the smart phone in your hand to complex solutions powering your business, Dromaeus was founded to connect your company with the power of technology. Our end-to-end portfolio of products, services and solutions, highly specialised skills and expertise in best-of-breed technologies enable us to deliver products and develop solutions that you need to remain competitive in today’s’ digital era.

Dromaeus IT