Boost data security and become GDPR compliant with Northdoor

The EU’s General Data Protection Regulation (GDPR) came into effect in May 2018. Regardless of the UK’s departure from the European Union, the GDPR must still be respected by organisations dealing with EU citizens. The law also essentially applies to UK citizens, because the UK has adopted the same legal standards internally post-Brexit. To avoid potential fines of tens of millions of Euros, companies must understand the relevant data protection legislation and ensure they have appropriate measures in place. Northdoor can help, providing step-by-step reviews of your existing systems and practices, recommendations for future approaches, and an integrated set of proven tools for gaining and maintaining control over all relevant data throughout your organisation.

Data protection legislation in the UK and EU defines personal data as any information relating to an identified or identifiable natural person – this broad definition means that organisations must carefully review and classify all of the data they hold. Among the provisions are:

• The right for citizens to access, correct, transfer or delete their personal information held within any company’s systems

• The need for citizens to give explicit consent for their data to be held, and for companies to store this consent

• The requirement for companies to notify data authorities and consumers within 72 hours of any breach in security around their data

• The enforcement of fines of up to 4 percent of global annual turnover (or €20 million, whichever is higher) for serious violations.

If your business offers goods or services within the UK and/or the EU, or otherwise monitors the behaviour of individuals who are UK and/or EU citizens (for example, by using online cookies), you will need to achieve and maintain compliance with UK data protection regulations and/or the GDPR .

In the most simplistic terms, the key implication is that your business must fully understand what personal data it holds, where this data is stored and who has access to it, throughout the full information lifecycle. Beyond this, you will need to have clear organisation-wide data-protection policies, set up rigorous governance schemes, maintain auditable records, design and perform annual data protection impact assessments, and ensure that your business partners are also in compliance. Last but not least, you must gain the ability to rapidly detect and report on data breaches, and to find, modify or remove personal data on request and within prescribed time limits.

The stakes are high, and in most organisations the size and diversity of existing data stores makes the challenge a daunting one. The good news is that Northdoor’s Protect IT security practice has an established set of reviews and recommendations to help you achieve and maintain compliance. Our focus is on delivering the best toolsets to help you reliably discover, classify, protect and govern data over time, regardless of where or how it is stored across your local or cloud infrastructure. Crucially, our approach is built on automation, integration and continuous monitoring, so compliance can be accomplished smoothly, rapidly, auditably and without the need to employ armies of administrators.

The average UK organisation suffers 3.9 breaches per year (only 45% of which are actually recognised).

£2.37m is the average total cost of a data breach

87% of security spend is on network perimeter security, yet 86% of breaches are internal

49% of incidents involve a malicious or criminal attack

(Source: 2015 Cost of Data Breach Study: United Kingdom, IBM and Ponemon Institute.)

Northdoor Protect IT – Data Protection Regulations Consultancy

Secure the corporate environment

Continuous monitoring and prevention of threats, both from targeted external attacks and accidental or deliberate internal breaches. We help you maintain your security posture and prevent escalation.

Protect data assets

Automatically discover, classify and protect both structured and unstructured data across all systems. We help you create best-practice approaches to implementing encryption, data masking and data redaction.

Secure endpoints

Support your increasingly mobile workforce, blending user convenience with secure access controls. We help you ensure protection for corporate data on BYOD devices, detecting threats and automating compliance.

Northdoor’s Protect IT security practice helps businesses in insurance, banking and other highly regulated industries to select and deploy the right tools to improve their security posture and protect sensitive data. For data protection regulations including the GDPR, we can help you design and deploy a highly automated compliance solution to discover, classify, protect and govern personal data. Our proven deployment methodologies and enterprise-class support services provide high-quality security frameworks that can keep pace with evolving legislation.

Best-practice solutions

After defining your organisation’s interpretation of what is personal data, the next step in addressing the challenges of data protection is to run a full discovery exercise to find all such data across all systems. This will potentially include: production, test and development databases; corporate documents stored on SharePoint, on corporate file servers, on departmental NAS drives, on user desktops or in the cloud; emails, instant messages and wikis; expired or dormant data in archives and backups.

Northdoor offers software tools that enable you to discover, analyse and classify data in a highly automated way, and to establish clear data lineages. We can then help you to identify paths to and from the data, both inside and outside of the organisation, to review all security measures around data and run detailed risk assessments. Our software solutions also enable you to: monitor and audit data access and permission changes; create automated alerts when rules are breached; increase security through machine learning and user behaviour analytics; establish and manage data retention and destruction policies; lock down both sensitive and obsolete data; mask and anonymise data; and establish intelligent internal and internal and external network defences, incident-response policies and security restrictions.

Beyond data protection

With software solutions and data protection consultancy services from Northdoor, you can more easily understand, protect and govern all personal data, reliably record proof of consent to store and process that data, move quickly to correct, migrate or erase the data at the customer’s request, and automatically notify the relevant parties in the event of a breach.

The benefits of working with Northdoor for data protection go beyond security, risk management and compliance: by finding the data that really matters and deleting redundant, obsolete and trivial data, you can save significant amounts on storage and backup costs.

Northdoor can also help you to rationalise your IT infrastructure and database architecture, simplifying future compliance efforts, improving operational performance and reducing costs.

Take the next step

To find out how Northdoor can help you achieve compliance faster and more effectively, please contact us for an informal assessment. We’ll review your existing approaches to data protection and security, and provide a clear checklist of recommended next actions, helping you get started quickly.

Download our guide to Data Security, Protection & GDPR compliance