Here’s Your HackerCombat GDPR Special: Security Tips For Agents

GDPR is finally here, and it’s time to start discussing how its various legal aspects will affect data security in the wake of the new regulations. Let’s begin with a brief introduction about GDPR…

The GDPR: A Brief Introduction

The GDPR (General Data Protection Regulation), which replaces the Data Protection Directive 95/46/EC, is a regulation in the European Union law on data protection and privacy. It applies to all individuals within the EU (European Union) and the EEA (European Economic Area) areas. The GDPR also seeks to address things related to the export of personal data outside the EU and EEA areas.

The GDPR was adopted by the European Parliament on 14 April 2016 and it was on 25 May 2018 that it became applicable in all the member states. From 20 July 2018, the GDPR has become valid in the EEA countries (Iceland, Liechtenstein, and Norway) consequent to the EEA Joint Committee and the three countries agreeing to follow the regulation. However, since the UK is scheduled to leave the EU in 2019, the country has granted royal assent to the Data Protection Act 2018 on 23 May 2018. The Data Protection Act 2018 has equivalent regulations as the GDPR.

Tips for Agents

Here’s a look at some of the things that need to be ensured in the wake of the GDPR being implemented:

• It’s to be ensured that all members of the staff, for any organization that collects, stores and uses data, are properly trained in the new rules of the GDPR. This is of utmost importance as it would help ensure that the staff members don’t inadvertently breach any of the new rules.

• The GDPR is very particular as regards the security of personal data. In fact, there is no substantial change in the requirements pertaining to the security of personal data. The GDPR states that “…personal data should be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.” (Article 5 of the GDPR).

• To ensure the security of personal data, it’s important to understand and follow the guidance from the ICO (Information Commissioner’s Office) on issues like introducing encryption of data, doing information risk assessments, having suitable data security policies in place etc.

• Employers are expected to have a home-working policy. This would include information on what the staff can do and what they can’t. It’s to be ensured that this home-working policy is publicised and enforced thoroughly. (The contents of the home-working policy, for each organization, depends on the level of information risk that the organization faces and would include all general good practices).

• The home-working policy might include things like keeping data safe, ensuring encryption of mobile devices, recommending avoiding personal devices (or using approved software to partition personal use from business use) etc.

• Utmost discretion has to be practiced when an employee uses internet connection in public places. The connection would be unencrypted and could lead to data breaches. The best thing to do would be to avoid unencrypted public connections while working and handling data.

Disclaimer: These are just general tips that could be practiced in view of the implementation of the GDPR and are not clauses from the GDPR.

It should be taken as general guidance and should not be taken for legal advice. If you need to know in detail about the GDPR and its implications on your business, we’d advise you to make your detailed investigations or seek legal advice.

HackerCombat makes no promises as regards the accuracy and the completeness of the information covered here while endeavoring to ensure that the information given here is as correct as possible.