GDPR Compliance Checklist: These Two Fines Show Why It’s Time to Act

It’s a fitting time to ask: has your company established GDPR compliance? In the space of just a few days, the UK Information Commissioner’s Office (ICO) has given European businesses two alarming reminders of why GDPR compliance matters. Read on to find out what action you need to take to protect your organization from a GDPR penalty.

Rethink Security: Has Your Company Established GDPR compliance?

GDPR Making the Headlines Again

Most businesses will be aware of the General Data Protection Regulation (GDPR) by now – the European Union regulation became enforceable on 25 May 2018. In this respect it is nothing especially new for businesses. Yet because the changes were so far-reaching when first announced, many people doubted whether the regulation would ever lead to real enforcement. Some businesses have therefore never established GDPR compliance and carry on mishandling personal data as before.

This month, however, brought two important reminders that data protection regulation is not going away, and that companies which fail to rethink their security measures are liable for very large GDPR fines.

The ICO – the UK’s independent authority for protecting individuals’ data privacy – announced its intention to impose two hefty GDPR penalties on British Airways and on Marriott International, the well-known hotel chain. Both suffered a data breach at the end of last year; the ICO intends to fine British Airways €204.5M and Marriott International €110.4M.

Obviously it is a complicated area, but these fines show that GDPR compliance in the UK and Europe is something that, if ignored, can lead to crippling financial repercussions.

GDPR Compliance Checklist

In order to establish GDPR compliance, and to meet the ‘appropriate technical and organisational measures’ that Article 5(1)(f) and Article 32 of the GDPR require for the security of personal data, your business or organization will have to rethink existing security procedures and evaluate its security infrastructure. IT admins should start by consulting the detailed checklists available online, if they haven’t done so already, and use prominent examples like British Airways to push harder for their implementation.

The GDPR.EU website has a good checklist, as does ecomply.io. Here is a short selection of the key points you will find on almost every GDPR compliance checklist, with one important addition:

  • Existing security tools need to be assessed for their effectiveness against external threats such as malware and phishing
  • Due diligence procedures must be in place and ready to run in the event of a corporate acquisition
  • All places where personal data is processed need to be identified, together with the people and systems that can access it
  • Establish accountability throughout the organization, starting with the appointment of a Data Protection Officer (DPO)
  • Aside from traditional workplace computers, mobile iOS and Android devices must also be protected, and the data they can access must be adequately governed

It is this last area, Mobile Device Management (MDM), that GDPR compliance checklists often overlook or fail to mention explicitly. GDPR compliance doesn’t end with the IT infrastructure on the office desk – companies have a duty to safeguard personal data on enterprise smartphones, tablets and laptops that are used off-premises, whether corporately owned or privately owned (BYOD).

This is one aspect that Cortado Mobile Solutions specializes in. The Cortado MDM software acts as a data protection solution aimed specifically at the mobile devices and mobile apps that your company uses on a daily basis. Smartphones, iPads, laptops and wearables often have access to sensitive personal data which, if left unprotected, leaves your company open to a serious data breach and a GDPR fine. In another post, for example, we addressed the specific risk that WhatsApp poses to GDPR compliance.

With our solution, you retain control and possession of all business data through data separation enforced at the operating system level. Alongside a wealth of management and productivity features that deliver a quick ROI on their own, Cortado MDM’s mobile security features crucially help you to prevent data breaches from occurring on mobile devices.

For more information on why our solution is excellent at delivering GDPR compliance, contact our team or download one of our free white papers. A 10-day free trial of our software is also available on our website.
