The General Data Protection Regulation & The Duty to use Encryption

The General Data Protection Regulation, abbreviated to GDPR, raised a storm when it arrived. In reality, it merely tightened up on existing good practice according to digital security specialists Gemalto. The right to withhold consent and to be forgotten has always been there, for example. However, the GDPR brings a free enforcement service for consumers, thus avoiding the need for third party, paid assistance.

The GDPR Bottom Lines for Data Security
Moreover, the GDPR has penalties it can apply, of the order that might have a judge choking on his wig. Under it, data security measures such as pseudonymisation (substitution of identifying fields) and encryption (encoding including password protection) have become mandatory. Businesses must further respect their client data by:

a) Storing it in a secure environment supported by robust services and systems

b) Having proven measures to restore availability and access after a breach

c) Being able to prove frequent effectiveness testing of these measures.

The General Data Protection Regulation places an onus on businesses to report any data breaches. This places us in a difficult situation. We must either face at least a wrist slap upon reporting failures. Alternatively, pay a fine of up to ?10 million, or 2% of total worldwide annual turnover.

The Engineered Weak Link in the System
Our greatest threat of breach is probably when the data leaves our secure environment, and travels across cyberspace to an employee, stakeholder, collaborator, or the client themselves. Since email became open to attack, businesses and individuals have turned to sharing platforms like Dropbox, Google Drive, Skydrive, and so on. While these do allow an additional layer of password protection, none of these has proved foolproof. The GDPR may still fine us heavily, whether or not we are to blame for the actual breach.

How Hacking is Approaching Being a Science
We may make a mistake we may regret, if we do not take hacking seriously. The 10 worst data hacks Identity Force lists are proof positive that spending lots of money does not guarantee security (any more than having the biggest stock of nuclear weapons). We have to be smart, and start thinking the way that hackers do.

Hacker heaven is finding an Experian or a Dun & Bradstreet that may have shielded 143 million, and 33 million consumer records respectively, behind a single, flimsy cyber-security door. Ignorance is no excuse for them. They should simply have known better. They should have rendered consumer data unreadable at individual record level. The hackers could have found this too demanding to unpick, and have looked elsewhere.

How Data Encryption Can Help Prevent Hackers Succeeding
Encrypting data is dashboard driven, and businesses need not concern themselves about it works. There are, however, a few basic decisions they must take:

a) Purge the database of all information held without explicit permission

b) Challenge the need for the remaining data and purge the nice-to-haves

c) Adopt a policy of encrypting access at business and customer interfaces

d) Register with three freemium encryption services that seem acceptable

e) After experimenting, sign up for a premium service and be prepared to pay

Factors to Consider When Reaching a Decision
Life Hacker?suggests the following criteria although the list is a one-size-fits-all

a) Is the system fast, simple, and easy to operate

b) Can you encrypt hidden volumes within volumes

c) Can you mass-encrypt a batch of files easily

d) Do all other files remain encrypted when you open one

e) Do files automatically re-encrypt when you close them

f) How confident are you with the vendor, on a scale of 1 to 10

It may be wise to encrypt all the files on your system, and not just your customer data. We are always open to a hack by the competition after our strategic planning. If we leave the decision up to IT, then IT, being human may take the easy way out, and encrypt as little as possible.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

Web Design and Development

The first few seconds of a first-time website visitor is very crucial. If they don’t like what they see or if they think it takes too long just to load what they’re supposed to see, chances are, that would be the last time you’d ever catch them on your site.

Therefore, striking a balance between your website’s appearance and its loading speed is important for first impressions. Once you’ve captured the visitor’s attention, the next objective is to keep them glued long enough for them to browse through your merchandise. It is at this point that the benefits of a well organised and highly intuitive graphical user interface come into play.

An excellent combination of stylish web design and sharp web development can play a major role in lowering bounce rates and increasing returning visitors. We see to it that our web designers and developers not only excel at what they do individually, but also understand the interplay between their individual creations and how it affects the overall appeal of the website.

This is what you can expect from our brand of web design and development:

  • Conversion-motivated web design. Since we understand that your primary motivation for entering into the eCommerce arena is to turn torrential web traffic into sales, we’ve put conversion as a primary consideration in our web designs.
  • SEO-friendly content. First-time visitors don’t reach your site because they entered your URL somewhere. Rather, they must have stumbled upon your links on search engine results or on other websites.
  • Engaging web content. Because excellent graphics alone can’t sell products but engaging web content can, we invest in excellent copywriters.
  • Visitor-friendly user interface. Before a visitor will ever read content on the current and succeeding pages, they’ll need to interact with your site’s UI first. We’ll make sure your user interface is visually appealing enough to invite visitors to click on your buttons.
  • Superior expertise in web development technologies. Our web developers are certified experts in web related technologies including Javascript, AJAX, SQL, PHP, CSS, Java, Silverlight, CMSes, and Magento, among others. Thus, we can offer extreme flexibility and scalability in our web development services.

See more related services

ESOS What is the Truth?

When the UK administration introduced its ESOS Energy Savings Opportunity Scheme reactions from business people followed a familiar theme.

  • Do nothing it will go away
  • The next Westminster will drop this
  • Another stealth tax. I don’t have time for this
  • Give the problem to admin and tell them to fix it

ecovaro decided to share three facts with you. These are

(1) ESOS is not a government money spinner

(2) all major political parties support it, and

(3) it is a cost-effective way to put money back in your pocket while feeling better about what business pumps into the environment.

Four More ESOS Facts

1. You Cannot Give the Problem to Admin ? Energy is technical. The lead belongs with your operations staff because they understand how your systems work. Some things are best outsourced though. ecovaro is here to help.

2. ESOS is Not Going to Go Away ? A company inside the regulation net must submit its first report by 6 December 2015. Non-compliance risks the following penalties:

  • ?5,000 for not maintaining adequate records
  • ?50,000 for not completing the assessment
  • ?50,000 for making a false or misleading statement

3. The Employee Count is the Annual Average – The employment criteria (unlike balance sheet and turnover) is the monthly average of full and part-time employees taken across the full financial year. The fact you have <250 employees in December 2015 when the first report is due does not necessarily let you off the hook.

4. The 6 December 2014 Report is No Big Deal ? When you think about it the administration is hardly likely to spend years wading through 9,000 detailed company energy plans. It has no authority to comment in any case. All that is required is for a senior director to confirm reading the document, and a lead assessor to agree it complies with the law.

Does this mean that ESOS is a damp squib? We do not think so, although some firms may take the low road. ecovaro believes the financial benefits will carry the process forward, and that the imperative to make the world a better place will do the rest.

Are Master Data Management and Hadoop a Good Match?

Master Data is the critical electronic information about the company we cannot afford to lose. Accordingly, we should sanitise it, look after it, and store it safely in several separate places that are independent of each other. The advent of Big Data introduced the current era of huge repositories ?in the clouds?. They are not, of course but at least they are remote. This short article includes a discussion about Hadoop, and whether this is a good platform to back up your Master Data.

About Hadoop

Hadoop is an open-source Apache software framework built on the assumption that hardware failure is so common that backups are unavoidable. It comprises a storage area and a management part that distributes the data to smaller nodes where it processes faster and more efficiently. Prominent users include Yahoo! and Facebook. In fact more than half Fortune 50 companies were using Hadoop in 2013.

Hadoop – initially launched in December 2011 ? has survived its baptism of fire and became a respected, reliable option. But is this something the average business owner can tackle on their own? Bear in mind that open source software generally comes with little implementation support from the vendor.

The Hadoop Strong Suite

  • Free to download, use and contribute to
  • Everything you need ?in the box? to get started
  • Distributed across multiple fire-walled computers
  • Fast processing of data held in efficient cluster nodes
  • Massive scaleable storage you are unlikely to run out of

Practical Constraints

There is more to Hadoop than writing to WordPress. The most straightforward solutions are uploading using Java commands, obtaining an interface mechanism, or using third party vendor connectors such as ACCESS or SAS. The system does not replace the need for IT support, although it is cheap and exceptionally powerful.

The Not-Free Safer Option

Smaller companies without in-depth in-house support are wise to engage with a technical intermediary. There are companies providing commercial implementations followed by support. Microsoft, Amazon and Google among others all have commercial versions in their catalogues, and support teams at the end of the line.

Ready to work with Denizon?

Contact Us Today