Here is a snippet of some of the questions within the GDPR Compliance Checklist that you will soon need to provide the answers for:
1: DEVICE PROTECTION
- Are your business hard drives encrypted?
- Can devices such as phones, laptops and tablets be managed internally if they’re lost or stolen?
- Is your business using endpoint protection, so that only approved devices can be used with company systems?
- Are all passwords you store managed by a third party secure system?
2: CYBER SECURITY AWARENESS & TRAINING
- Does your business currently provide cyber security training to your employees?
- Are your staff trained to identify phishing emails? Do you test them?
- Are your staff aware of the most recent malware threats and how they might be delivered to the business?
- Has your business got a process in place that can be activated if staff open malware?
- Are all staff trained not to keep passwords or private data stored in personal folders on their computers?
- Are your staff aware that they must report any financial, data, or confidentiality breach to a member of management, so that it can be reported to the ICO within 72 hours of loss?
3: USER ACCOUNTS
- Do your staff have their own unique access rights and passwords, with appropriate permissions for their specific roles?
- Do you have more than one method of authentication, in addition to a password, that is required to log in to your user accounts and email?
- Do you have restrictions on the users that have local administration rights?
- Are all passwords managed so that they have to meet a specific complexity requirement?
- If your business has employees who work from home, have you as a company made sure the computer/tablet they are using is safe and secure?
- Within your server is each folder managed with restrictions for users who shouldn’t have access to specific files?
- When you obtain a new customer, does your business automatically sign them up for marketing emails?
- Have you got a process in place whereby customers can easily opt out of marketing emails, additional services etc?
- Do you have a secure backup and disaster recovery service in place for your business?
Download our GDPR Compliance Checklist to view the full section relating to backup
5: SECURITY PROTECTION FOR THE BUSINESS
- Has your business got industry standard Malware protection in place that detects and protects against Malware attacks?
Download our GDPR Compliance Checklist to view the full section relating to security protection of the business.
6: BUILDING SECURITY
- Do you change your Wi-Fi passwords regularly?
Download our GDPR Compliance Checklist to view the full section relating to building security measures in relation to GDPR.