
7 steps towards GDPR compliance

15 August 2017
Posted by: Olivia Palmer

With the General Data Protection Regulation (GDPR) coming into force in May 2018, many companies are still unaware of it or do not have an action plan. Is this because it is such a daunting prospect that it is scaring organisations into inaction?

In this article we will look at some practical steps you can take to move towards compliance. What is the solution? Most breaches can be addressed at little cost by configuring your existing systems correctly and by training your users effectively.

We apply the Pareto principle (the 80/20 rule) and believe that if the measures below are followed you could prevent 80% or more of your GDPR headaches.

  • Know where your existing personal data is, why you hold it, and whether that reason is still valid.
  • Look at your existing systems and find out whether their built-in security features are enabled; if not, enable them.
  • Look at the configuration of those systems and discover whether they can be configured to prevent some of the most common attacks. Patch rapidly and regularly.
  • Encrypt wherever possible. Many systems have this as built-in functionality.
  • Look at who has access to what and whether they should have that access. Remove old accounts from Active Directory and tighten access.
  • Adhere to the SANS top 20 critical security controls. There is really no excuse not to have these areas covered.
  • Train your staff in the basics of data security awareness and revisit this on a regular basis with everyone.
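The access-review step above (finding and removing old Active Directory accounts) is the one most easily turned into a repeatable control. The script below is an added example written for this page, not code from the article or from Assuredata. It assumes the RSAT ActiveDirectory PowerShell module is installed, that the account running it can read and modify user objects, and that a 90-day inactivity threshold and a C:\Temp report path are acceptable; both of those values are choices made for the example, not recommendations from the article. It reports stale enabled users to a CSV first, then stages a reversible disable (with -WhatIf left on) rather than deleting anything.

```powershell
# Added example (not from the article): audit and stage-disable stale AD user accounts.
# Assumes the RSAT ActiveDirectory module and rights to read/modify user objects.
# $InactiveDays and $ReportPath are values chosen for this example.

Import-Module ActiveDirectory

$InactiveDays = 90
$Cutoff       = (Get-Date).AddDays(-$InactiveDays)
$ReportPath   = "C:\Temp\stale-accounts-$(Get-Date -Format yyyyMMdd).csv"

# Pull enabled user accounts with the attributes needed to judge staleness.
# LastLogonDate is derived from lastLogonTimestamp, which replicates with a lag
# of up to roughly 14 days, so treat it as approximate and keep the threshold generous.
$Users = Get-ADUser -Filter 'Enabled -eq $true' `
    -Properties LastLogonDate, PasswordLastSet, whenCreated, Description

$Stale = foreach ($u in $Users) {
    $neverLoggedOn = -not $u.LastLogonDate
    $oldLogon      = $u.LastLogonDate -and ($u.LastLogonDate -lt $Cutoff)
    # Freshly created accounts have no logon yet; do not flag them as stale.
    $recentlyMade  = $u.whenCreated -gt $Cutoff
    if (($neverLoggedOn -and -not $recentlyMade) -or $oldLogon) {
        [pscustomobject]@{
            SamAccountName  = $u.SamAccountName
            Name            = $u.Name
            LastLogonDate   = $u.LastLogonDate
            PasswordLastSet = $u.PasswordLastSet
            Created         = $u.whenCreated
            Reason          = if ($neverLoggedOn) { 'NeverLoggedOn' } else { "NoLogonSince${InactiveDays}Days" }
        }
    }
}

# Record what was found before touching anything: this report is the evidence
# trail for the access review, and owner sign-off happens against it.
$Stale | Sort-Object LastLogonDate | Export-Csv -Path $ReportPath -NoTypeInformation
Write-Host "$(@($Stale).Count) stale account(s) written to $ReportPath"

# Stage 1: disable rather than delete, and stamp the description so the change
# is reversible and attributable. Remove -WhatIf once the report has been reviewed.
foreach ($s in $Stale) {
    $stamp = "Disabled $(Get-Date -Format yyyy-MM-dd) by stale-account review ($($s.Reason))"
    Disable-ADAccount -Identity $s.SamAccountName -WhatIf
    Set-ADUser -Identity $s.SamAccountName -Description $stamp -WhatIf
}
```

Two points of practice are built into the design: the report is written before any change so there is something to review and sign off against, and accounts are disabled (and labelled) rather than deleted, so a mistaken flag on a service or seasonal account can be reversed by re-enabling it. Service accounts that legitimately never log on interactively will appear in the report; exclude their OU or group before removing -WhatIf, and schedule deletion only after a further quarantine period.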

Get buy-in from senior management to take GDPR compliance seriously: it has the potential to seriously impact the business, and inaction will not be tolerated by the Information Commissioner's Office, so act now.

About the Author: Jim Sneddon, founder of Assuredata, is a security industry veteran of 17 years with a wealth of experience working with organisations to help them become compliant and secure. He has experience of a wide range of technical and organisational solutions and will always advise on doing more with your existing investments. Jim is also a Certified Information Systems Security Professional (CISSP) and a Certified EU GDPR Practitioner.


The Association of Association Executives is a service from The Networking Organisation Ltd