There are certain regulations regarding information security that you and your business need to be aware of, including GDPR & PCI DSS, so read on to get advice and information to help you.
Please remember that you should seek legal advice regarding your compliance requirements and the information here is only offered as general information and should not be relied upon.
The General Data Protection Regulation (GDPR) will be enforced on the 25th May 2018, so there's not much time left to be prepared for this. GDPR is replacing the current Data Protection Act to give better control to customers and includes many more provisions for privacy and data security.
One of the big issues highlighted over the past few years has been data breaches, where millions of customer records have been compromised.
When people think of a data breach they often envisage a very technical and targeted attack performed by hackers, to gain access to confidential and sensitive company information for criminal or financial gain.
This may be true in some cases, but it’s certainly not the majority.
In most cases the way in can be through simple things like as unpatched operating systems, poor password security, vulnerable applications or through employees clicking on links or opening attachments in phishing emails. This can then lead to infection and data being put at risk and compromised, sometimes without you even knowing.
With some simple security measures, you can help protect your data and that of your customers.