Technologies and Security Procedures for MSPs
Introduced in May 2018, the General Data Protection Regulation (GDPR) was arguably the most comprehensive data regulation reform in recent decades. The GDPR affected how organizations implement their external data protection strategies and their internal data management and processing.
Make sure you have a robust firewall in place to protect your network from external threats.
Implement intrusion detection and prevention systems (IDS/IPS) to stop attacks before they happen.
Use encryption for all sensitive data, both at rest and in transit.
Train your staff on security best practices and make sure they understand the importance of following procedures.
What Data Is Protected by GDPR?
Before proceeding with the checklists, concepts and technologies for GDPR compliance, check what data the regulation protects. GDPR applies to:
Personal biographical information (PBI): This includes names, addresses, birth dates, email addresses, and social security numbers. Appearance details, for instance, eye color, hair color, weight, or height, also fall into this category.
Financial data: Tax codes, student loans, salary, etc.
Web data: IP addresses, browser history, retained cookies
Biometrics, genetics and other health info: Long-term disease data, health insurance numbers and requests, among others
Private data: Political views, religious beliefs, sexual orientation, etc. The info on geographic tracking by Google Maps, for instance, is considered private data as well.
If your organization processes, transfers, stores, or otherwise interacts with such data of EU and UK residents, compliance with GDPR is mandatory. Bear in mind that, in that case, your organization must comply with the requirements even if it is registered and operating outside of the United Kingdom and European Union.