GDPR - is your business compliant and data secure?

Within data protection, the physical security of the server, the administration area and the surroundings of an office has become more and more important.

The general principle of what we are protecting, or having protected, lies around the Data Protection Act, which controls how personal information is used by organisations, businesses or the government.

Everyone responsible for using data has to follow strict rules called 'data protection principles'. They must make sure the captured and stored information is:

Used in a way that is adequate, relevant and not excessive
Kept for no longer than is absolutely necessary
Used for limited, specifically stated purposes
Handled according to people's data protection rights
Not transferred outside the European Economic Area without adequate protection

Protecting the physical security of your data

When we look at keeping data safe and secure, the physical security of the data within the server and office PCs needs thorough thought. The physical security of the building and server room has to be the starting point of the overall strategy.

Who can access the data?
What are the inherent risks within the location?
How is the room protected?

Physical measures for GDPR regulations

Working with physical security companies who deal with the locks, the control of access, the alarm systems and the physical barriers preventing forced intrusion, we review some basic steps and consider some of the solutions and manufacturers out there.

Ask a NASIC member for help with GDPR compliance

Surveillance

Either hidden to avoid tampering, or visible to act as a deterrent, CCTV is an effective tool for securing server rooms and protecting data.

Secure CCTV system monitoring doors
Motion detectors working with CCTV
Biometric access control

It's not just the servers

Think about other devices and hardware outside of your server room - do they need protection? Consider locked cupboards or protected offices as part of your access control.

Think about devices that need protection
Locked cupboards for external hardware

Disable Drives

Remove the possibility of data being transferred or removed from your main data storage or server room. Disabling drives can be a simple but effective method of prevention.

Disable USB ports and other means of transferring data
This can be achieved as a software solution, or even by physically removing the USB port itself

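As an added example of the software side of this control (not NASIC's or the page's own code), the Python below audits and hardens a Linux office PC against USB mass storage through modprobe.d. It covers the two kernel drivers that expose USB sticks and disks (usb-storage and uas), distinguishes a plain blacklist (which only stops automatic loading) from an install-to-/bin/false rule (which also blocks an explicit modprobe), and can write the stronger rule; the config file name it writes is an assumption.

```python
"""Added example (not from the page): audit and block Linux USB mass-storage
drivers via modprobe.d. Directory and config file name are assumptions."""
from pathlib import Path

# Kernel drivers that expose USB sticks/disks as block devices.
MODULES = ("usb-storage", "uas")
CONF_NAME = "99-block-usb-storage.conf"  # assumed file name


def _norm(name: str) -> str:
    # modprobe treats '-' and '_' in module names as equivalent
    return name.replace("-", "_")


def block_status(modprobe_dir: str) -> dict:
    """Return {module: 'hard' | 'soft' | 'none'} for each driver.
    'hard': an `install <module> /bin/false` line exists, so even an
            explicit `modprobe` by root cannot load the driver.
    'soft': only `blacklist <module>` exists; that stops udev auto-loading
            but not an explicit `modprobe`, so it is not a real control.
    'none': no rule found."""
    status = {m: "none" for m in MODULES}
    for conf in sorted(Path(modprobe_dir).glob("*.conf")):
        for raw in conf.read_text().splitlines():
            parts = raw.split("#", 1)[0].split()  # drop comments
            if len(parts) < 2:
                continue
            for mod in MODULES:
                if _norm(parts[1]) != _norm(mod):
                    continue
                if (parts[0] == "install" and len(parts) > 2
                        and parts[2].endswith(("/false", "/true"))):
                    status[mod] = "hard"
                elif parts[0] == "blacklist" and status[mod] == "none":
                    status[mod] = "soft"
    return status


def write_block_rule(modprobe_dir: str) -> Path:
    """Write both directives for every driver. The operator must still unload
    an already-loaded driver (`modprobe -r`) and regenerate the initramfs if
    the module is included there; this only writes the policy file."""
    lines = ["# Block USB mass storage so data cannot leave via removable drives"]
    for mod in MODULES:
        lines += [f"blacklist {mod}", f"install {mod} /bin/false"]
    path = Path(modprobe_dir) / CONF_NAME
    path.write_text("\n".join(lines) + "\n")
    return path
```

Run `block_status("/etc/modprobe.d")` on each PC to confirm every driver reports 'hard'; a 'soft' result means a root user or a rogue script can still load the driver on demand.
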
Lock it down, bolt it down

Within the room, ensure you are taking the necessary steps to reduce the chance of theft. Whilst electronic security helps you control access, physical security delays a theft or can stop it entirely.

Ensure racks are locked and bolted down
Make hardware as hard to move as possible

Keep backups secure

The security of your server backups should be taken as seriously as the server itself. You can take precautions by storing backups in a safe in a separate building, away from the main server.

Preferably store backups in a safe
Have a policy that server backups are locked up at all times
Use proven secure storage areas, units or safes in which to put these

Lock and secure printers

Shredding all printed data should be a policy and a habit. Security should be part of the everyday actions of staff within an office, so a solid security solution is one of repeated actions and habitual care.

Printers can store data, so secure the printer
Ensure the printed material is shredded

How can NASIC members help with GDPR compliance?

With a wealth of experience and knowledge to draw on, our NASIC members can provide simple, proven security solutions that give a greater overview of, and monitoring on, data protection. For example, a CCTV camera over the door of your designated secure room would help ensure people stick to the rules.

An understanding that the situation is being monitored goes a long way to helping people develop the security habit. Feeling responsible and being seen to be responsible are solid steps in a security routine, something our members can help with through the implementation of specific systems.

A wide range of systems can be used to help with data protection, server room security and GDPR compliance, including: