“We Don’t Store Customer Data On Site So There’s Nothing For Us To Lose” Part 2

In last weeks article we discussed a recent conversation with one of our clients who mentioned they didn’t need to take any measures to protect their organisation against a potential security breach as they didn’t store customer data on-site. Therefore, they felt had nothing to lose in the event of a successful breach.

The article followed the conversation we held with the client, outlining that this isn’t the only thing attackers are after and providing advice on how to ensure that your business is protected.

However, there is another concern which we expressed to the client in question.

The client had also failed to recognise that under the terms of the GDPR legislation which came into force on the 25th May 2018, they are fully responsible for the security of their clients Personally Identifiable Information (PII) regardless of where the data is actually stored.

According the legislation, both the providers and the users of hosted platforms will be held equally responsible in the event of a data breach. This means that utilising third party hosting providers to store customer data is not a successful way of mitigating the risk.

The implications of a successful breach can be severe for organisations, not only can they face significant fines of up to €20 million, or 4% annual global turnover – whichever is higher. Experiencing a data breach can also cause significant harm to your company’s reputation.

The implementation of some good practices will ensure your organisation meets the necessary requirements as well as providing assurance for customers, employees and all other data subjects that their information is being processed lawfully and stored securely.

How do you ensure your organisation meets GDPR compliancy regulations?

For many organisations, all that is required to ensure you are compliant with the regulations is a simple GDPR Gap Analysis to evaluate your current level of compliancy against the existing requirements.

To achieve this, our consultants will review your existing policies, procedures and controls against the requirements of GDPR. Once this has been completed, our consultants will provide you with a report which indicates your current level of maturity alongside recommendations to remediate the gaps.

In addition to this, for organisations which have not yet been able to formally implement GDPR changes, our consultants can create and implement policy documentation and changes within your organisation on your behalf, this will enable you to ensure you are compliant with the GDPR legislation.

As the GDPR legislation is now in full effect it is imperative that all organisations ensure that they are fully compliant with GDPR. If you haven’t yet taken measures to ensure your organisation is GDPR compliant or you have questions regarding GDPR compliancy, please get in touch to speak to one of our specialists. 

© SES Secure Limited and ses-escrow.co.uk, 2019. Unauthorised use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to SES Secure Limited and ses-escrow.co.uk, with appropriate and specific direction to the original content.