What do Sports Direct, the NHS and the Association of British Travel Agents (ABTA) have in common? They have all been subject to serious data breaches, reputational damage and investigation by the Information Commissioner’s Office (ICO).
Are you confident this can’t happen to you? Do you have an assessment and treatment approach that proactively identifies security risks rather than dealing with breaches when they happen?
Information and data security is a fundamental component of an effective information management regime and, when coupled with re-use, sharing and exploitation of your information assets, will provide a platform for proactive and predictive analysis that delivers cost savings and a substantial competitive advantage.
The General Data Protection Regulation (GDPR), coming into force in May 2018, will raise the benchmark for organisations in the management and protection of personal data. Demonstrable security measures will need to be in place to prevent personal data being accidentally or deliberately compromised.
Organisations will need to focus on designing and organising information security to fit the nature of the personal data held and the harm that may result from a security breach. The main areas to focus on include:
Information – understand what information and personal data you hold, where it is stored, and how it is collected, secured and shared
People – you must be clear about who in your organisation is responsible for ensuring information security and ensure your staff are trained in how to protect their data
Policies and Processes – you’ll need robust policies and a data breach management and reporting process, so you are ready to respond to any breach of security swiftly and effectively
Technical Security – all devices and repositories used to capture personal data should be regularly checked to ensure sufficient protection is in place
Physical Security – ensure unattended information, equipment or media has appropriate protection and security perimeters are in place at your workplace
Focussing on the above elements and reviewing your processes now means you are much less likely to be the victim of a potentially damaging data breach in the future.