Cyber attacks, data security and the GDPR

So, if you haven’t heard about the recent cyber attacks on the NHS then firstly, where have you been and secondly, get reading as it’s really important subject. A total of 48 trusts were hit but now all are thankfully back to normal.

Understandably, NHS bosses and the government are facing questions over why hospitals had been left vulnerable when their systems were infiltrated by a global cyber attack which crippled their services. The chaos it caused was unthinkable, with operations and appointments being cancelled and ambulance services diverted.

Businesses and data security
According to Gov.uk, Britain’s businesses are being urged to better protect themselves from Cyber criminals, with two thirds of large businesses experiencing an attack in the last year. There’s a huge amount at stake, as we’ve seen from the past week’s happenings and so IT professionals have their work cut out when it comes to protecting this information; as quickly as technology evolves, so do the tactics of cyber criminals.

Cloud technology
More and more businesses are adopting Cloud technology as part of their digital transformation strategies to increase their potential capabilities. Many organisations now view the cloud as secure, in fact, more so than on–premise deployment. However, what we have to remember is that cloud security is a joint responsibility.

Organisations relying solely on a cloud vendor’s security protocols are potentially exposing themselves to unnecessary risk and cyber attacks. So with this in mind, we mustn’t rest on our laurels; whether you’re a Director or an employee, data security is a hugely important issue which demands careful consideration and forethought.

General Data Protection Regulations (GDPR)
The European Union’s GDPR comes into effect on 25th May 2018 and so companies must be compliant with the newly published rules to drastically improve their data privacy policies by this date. We mustn’t underestimate the scale of this topic, with reported staffing levels reaching a massive 28,000 data protection officers in Europe alone.

GDPR includes people’s IP addresses and online identifiers, as well as forcing companies to gain people’s explicit consent to use their data. The aim is to make it easier to find out what data companies hold on you, how your data is handled and what it’s used for.

Data owners (client) vs data processors (us)
Previously the onus was on the data owner, however, as of May 2018, it will be a joint responsibility with the data processors (i.e. cloud service/us as an example) so in our market, we are also liable and need to ensure as a business we are compliant.

This is a huge subject and one we will continue to talk about in future articles and white papers, so use this as food for thought at this point in time and we’ll be back soon with our next update

Tagged

Most read this week

white and brown analog wall clock at 10 00 representing that time is precious and limited

Human resources: Whose return on whose investment?

by

Trending

four person holding each others waist at daytime

International Women’s Day 2024: Inspire Inclusion

by

green chameleon crawling on branch: being agents of change

Channelling chameleons: Why HR team’s must be agents of change in 2024

by

flock of brown birds flying on blue sky symbolising connection

Achieving connection: The gold dust of high performance

by

Matt Somers - Coaching Culture Series

How to build a coaching culture

The fundamentals to crafting a coaching culture

Part one: Coaching for success

Building a coaching culture

Part two: What’s the story?

Why stories are a powerful tool for creating a coaching culture

Part three: Coaching as a ritual

Why coaching needs to be embedded as a cultural ritual

© HR Zone Ltd 2024
© HR Zone Ltd 2024