How Expensive is Data?

By Pink Connect

The European Union and British Government think it’s priceless… and they’re prepared to protect it.

Coins falling free image
GDPR: Not compliant? Be prepared to lose money.

The value of data clearly depends on the type of data – but in business, data is hugely valuable. Business just does not work without it. So valuable in fact, regulations are now about to change forever regarding the handling of personal data. Personal data is any information that can identify an individual or organisation. Handling data incorrectly can result in harm, not only to the individual but to the company who is responsible for safeguarding that data, both financially and through reputation loss. This is going to affect every single business in Europe and most other businesses internationally.

The sooner you start preparing and the sooner you get your business in order – the smoother the transition will be and you’ll be protecting your business against a devastating financial penalty, that in all honesty, will probably be the end (depending how much money you have in the bank!).  We’re not trying to scare you, but if you’re not ready for GDPR, then you really are in trouble – it’s the law after all.

How do I become GDPR compliant? What is GDPR? All of your frequently asked questions can be answered by clicking here or by using our live chat system.

NatWest credit card
Personal data: Have you secured your customer’s details. If you’re not PCI DSS compliant the answer is ‘no’.

Not only is GDPR an example of society becoming more protective of data – so is PCI DSS. Becoming PCI DSS compliant will demonstrate that your business takes security seriously. This can be done by displaying the PCI DSS Certificate in the office reception, on the website and even on email headers and stationary. Having PCI DSS compliance under your belt is a great way to have the essential foundation security requirements for other standards and certifications, such as ISO 27001 and Cyber Essentials; it will additionally prepare companies for the imminent GDPR –  that comes into force on 25th May 2018. On that date, it will be law and all UK & EU businesses are required to comply with it.

PCI DSS compliance isn’t law, but it certainly is something that you should be looking at to operate ethically and protect your customers from harm. If you want to know more, once again you can use our live chat system, or simply give us a ring on 0345 450 9393.

Companies that handle personal data need to ensure they follow the

CIA triad data protection model
Following the C.I.A Triad model can help your business stick to GDPR guidelines.

What is the C.I.A Triad model? 
C is for Confidentiality, guaranteeing the data can only be seen or accessed by authorised individuals.
I is for Integrity, ensuring data is accurate.
A is for Availability, guaranteeing the data can be accessed by authorised individuals at the right time.
Following these principles is a basis for a secure system to handle personal data and can really help you out down the confusing road of GDPR. This model isn’t everything of course and we strongly recommend that you give us a call or use our live chat system to book an audit or an appointment with our data protection experts.

It’s all well and good using the C.I.A triad model, of course, but you need to ensure data is properly protected and part of that is looking at the three possible states it can be in:

  1. The first state is “in transit”. When data is moving from one location to another (either physically or digitally). Security is paramount for this. Without the right controls “Hackers” can intercept the data and either copy or manipulate it.
  2. The second state data can be in is “at rest” – this is when data is stored on either a server, on a PC or Laptop hard drive, USB sticks or in the cloud. Storing personal data correctly must be a top priority, ensuring highly sensitive information such as passwords are hashed and salted or encrypted, to prevent the data being read.
  3. Lastly, there is “processing” – this is when operations are carried out on the data, some examples can be comparing, arranging or transforming data.

Protecting personal data must now be the high priority for every business operating within the EU and with EU establishments. GDPR (General Data Protection Regulation) is a new regulation from the European Union that will become law and enforceable on May 25th, 2018, replacing both the Data Protection Act and the Data Protection Directive. It will be UK law despite Brexit. If any data has been leaked, it can cause harm to a lot of different individuals and certainly to the company through fines from the ICO (Information Commissioners Office).

Pink Connect are experts in GDPR and know what it takes to comply with the new legislation. Pink Connect are also partners with the leading edge security company ESET, who offer many great free resources to protect the storage and transmission of data for GDPR compliance. Pink Connect is always available to discuss your specific company needs to become compliant with Cyber Essentials, PCI DSS and GDPR.

For more information, contact us on 0345 450 9393 or simply use the live chat bottom right of the screen!