support@software-systems.co.uk​​

01793481981

How GDPR Affects your Business

How GDPR Affects your Business

by | Dec 14, 2024 | Systems Integration

Understanding GDPR: How It Affects Your Business

Many small businesses are unaware of the consequences that not managing data correctly poses. So, this month, as reliable IT Support providers and Consultants, the Systems Integration team give you a summary of GDPR, what it is and how it can affect your business.

 

Introduction

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect in the European Union (EU) in 2018.1 While it may seem complex, understanding its core principles and how they impact your business is crucial.

What is GDPR?

GDPR is a regulation designed to protect the personal data of individuals within the EU. It gives individuals more control over their personal data and imposes strict obligations on organizations that process that data.

Why Should Your Business Care About GDPR?

Even if your business is not physically located in the EU, if you process the personal data of EU residents, you must comply with GDPR. Non-compliance can result in significant fines.

Key Principles of GDPR

  • Lawfulness, Fairness, and Transparency: Data processing must be lawful, fair, and transparent.
  • Purpose Limitation: Data must be collected for specified, explicit, and legitimate purposes.
  • Data Minimization: Only the necessary personal data should be collected.
  • Accuracy: Data must be accurate and kept up-to-date.
  • Storage Limitation: Data should not be kept longer than necessary.
  • Integrity and Confidentiality: Data must be processed in a manner that ensures appropriate security,2 including protection against unauthorised processing.
  • Accountability: Organizations are accountable for and must be able to demonstrate compliance with GDPR.

How GDPR Impacts Your Business

  1. Data Subject Rights:
    • Right of Access: Individuals can request access to their personal data.
    • Right to Rectification: Individuals can request the correction of inaccurate data.
    • Right to Erasure: Individuals can request the deletion of their personal data.
    • Right to Restriction of Processing: Individuals can request the restriction of processing their personal data.
    • Right to Data Portability: Individuals can request the transfer of their personal data to another organization.
    • Right to Object: Individuals can object to the processing of their personal data.
  2. Data Protection Officer (DPO):
    • In certain cases, organizations must appoint a DPO.
    • The DPO is responsible for monitoring compliance with GDPR.
  3. Data Breaches:
    • Organizations must report data breaches to the relevant supervisory authority within 72 hours.

How to Comply with GDPR

  1. Data Mapping: Identify and document the personal data you process.
  2. Data Protection Impact Assessments (DPIAs): Conduct DPIAs for high-risk processing activities.
  3. Consent Management: Obtain valid and informed consent from data subjects.
  4. Data Security: Implement appropriate technical and organizational measures to protect personal data.
  5. Employee Training: Train employees on GDPR and data protection best practices.
  6. Incident Response Plan: Develop a plan to respond to data breaches.

Conclusion

By understanding and complying with GDPR, your business can protect itself from legal risks and build trust with your customers. If you are unsure about how GDPR affects your business, consider consulting with an IT support provider such as ourselves and let us ensure you are taking the necessary steps to comply.

Getting a new computer?

Getting a new computer?

by | Dec 29, 2018 | Systems Integration

Last month we talked about how you get rid of your old laptops and computers, this month we will have a look at the right way to get your new ones.
Obviously there are numerous methods people use when it comes to replacing equipment. You could browse though an online catalogue, pop into your local retail store and really that should be it. But is it?
Will you get what your business requires? The chances are that the answer will be negative and it could end up costing you and your business time and money. Not what you had in mind when you set off to upgrade your equipment.

Your goal vs Salesperson goal

Is a it a case of you simply popping into your local retail outlet and being baffled and amazed by all the jargon you are given by the thrown by the salesman, CPU this RAM that?
Although most sales people that you find in your local Curry’s or PC World, may know the technical in’s and out’s of every PC they have on their display, they will not have the knowledge of what your business needs. You simply saying ‘we need something to have a large memory or have a good display, does not really give a true representation of what the PC will be required to do when it is sat in your office.
When you go into a store to buy a PC, you need to need to know that the salesperson is there with one goal, to sell.
They may have an interest in computers and when asked they will normally simply respond with all the technical data that you yourself can read on the box. Unfortunatly, that is normally not the full information you need.
You will be walking into the store with an aim of finding a computer that fits your business requirements, they are their with the goal of getting you to buy an expensive piece of equipment and all the unnecessary trimmings that they can throw at you. Macfee this, Norton that, an ergonomic friendly mouse etc. Giving you a computer that fits your business needs, although an aim of theirs, will not be their prioity and it could end up costing you more in extras.

Check Compatibility

While you are probably aware that having both Mac and PC on the same infrastructure can lead to compatibility issues, were you aware that even switching brands within your PC network can cause issues?
There are so many moving parts within a business infratstructure, from printers to routers, laptops to mobile payment processors, that anytime you throw a new computer into the mix you could end up with compatibility problems. I bet the salesperson that you speak gto in the shop will not tell you this. Will they also be aware that even the number and types of ports on the standard retail computers can cause you a headache when it comes to configuration and set up.
The last thing you want is to end up with a new PC that is surrounded by dodgy adaptor plugs as you attempt to course-correct and make do until it’s time for the office do over or time for the next PC purchase. It’s best to skip the drama and get the right computer first time around.

Check Support

Can your salesman offer ongoing 24 hour support? Do they offer immeadiate replacements, emergency backup in case you lose data?
This is where the retail store and your salesperson become unstuck. Once you leave the store, their business with you is done, they have achieved their goal.

How we can help

As one of Swindon’s leading IT Support providers we stick to a handful of vendors to ensure all parts are kept uniform. That way we know which parts will work together, and should something fail, we can usually get replacements quickly. We’ll often have special relationships with parts vendors and can get special pricing + extended support and upgrades. Your retail store salesperson will never be able to match that.
Also, by contrast, when you buy computers through an IT support provider such as ourselves you know you’re getting the exact computer your business needs. Even if your business is unknown to us, we have technicians that can ascertain your exact requirements via an IT system audit.
From the first time you work with us, we’ll be sure to do our research before making a recommendation. Remember, you want your computers to last 3-4 years of heavy usage, so it’s also a good idea to buy business-grade computers. While the new computers at the retail store may be lovely and shiney and come in a bright coloured box, they’re often nowhere near as durable as the ones your consultant can supply.

As a provider we will also be able to set the new computers up, ready to go with the exact software you need. We’ll strip out all the bloatware (unnecessary programs and trials that come pre-installed) and configure your new computers to work perfectly from day 1. Your employees will be able to enjoy their new systems, take full advantage of the productivity boosts you paid for. That means internet working, internal network connected, programs playing nice with each other, and yes, even printing without problems!.

It may be the case that you want your business to expand, if that is the case then taking our an IT support contract with ourselves can save you a small fotune. You can lease the equipment knowing that it can be replaced at any point and support, well it is always there whenever you need it. No big bill, no having to listen to sales jargon, just confidence in knowing that your IT infrastructure is in good hands. So if you are thinking of upgrading or getting some new hardware, get in touch with us first, you may be surprised by how mych we can help.

The right way to get rid of an old computer

The right way to get rid of an old computer

by | Nov 8, 2018 | Systems Integration

If your business is just about to purchase some new hardware i.e. Computers or laptops it is an exciting time. But, have you ever thought about what happens to the old ones?
If your equipment is old, and let’s face it in IT terms 3 years, is old, you may be scrapping them. Simple, you may think, switch them off and put them in the bin. Or maybe you are going to sell them, in that case you may browse through your files and delete the ones that may be sensitive or personnel.
Maybe you could put your laptop on a strong magnet for while and hope it deletes everything..
Unfortunatly though, throwing a old computer in the bin, holding it over a magnet or a pressing the delete button is not the answer.
Unless you correctly clean up and remove your data from your hardware, it is open to cybercriminals. And they have the skills to be able to get hold of any information you leave on there, records of purchases, passwords, even old purchases you have done online will leave a trace, that means card details and logins to tools such as Paypal.

If you are business owner and are in the situation whereby you refurbish or change your hardware on a regular basis, you need to ensure that a specialised dat cleanup is required for any laptops, tablets or PCs that you get rid of.
It has been found that most business are actually unaware of this and believe that it would always be done by the individuals or business that is removing them.
If you think this is the case then you are very wrong.. In 2016 an experiment was performed which consisted of a company buying 200 used hard drives. Of the 200, 134 of them were found to have confidential data on them. A whopping 67%!

If this was a drive form one of your business PCs, what information would cyber criminals be able to get their hands on? Old invoices, CRM records, email address of clients and maybe even their bank account details.

As you could imagine, if this does happen to your business, buying new PCs would be the last thing on your mind, unless you need them to find solicitors on Google Search….

Why you should not rely on the delete button….

  • Every hard drive has an index, similar to ones you see at the front of a book. A drive index has a record of all the files that are needed to run the system and all the files you record on there.
  • Every time you write data onto the drive, the system makes a record of it in the index, this then helps it to find it quickly when you call the file back up in the future.
  • The issue with this very simple and normally very robust process is that, when you delete a file on a drive, the index does not work the same to that you find in a book.
  • Example being, lets delete page 5 from a book. The result would be page 6 becoming page 5. The book index would then require amending to reflect the fact there are now less pages and as it’s visible, you know it’s been removed.

Unfortunately this is not the case on a drive.

Delete a file and the drive index will say there, but this is all that changes. The index. The actual file will stay in it’s location until it has been written over. So if you simply press delete, any hacker can go through your drive and still find all your data…

What you should do?

Well you can buy software and have a go at doing it yourself. But, if this is something your are not experienced at doing, it is still a risky business. If you are business that is updating PCs on a regular basis, you need to be sure that you have IT experts helping you, ensuring that all drives are correctly cleaned.
And you should never look at removal old PCs as a simple task. It is best to have a specific dedicated process for removal of old hardware. Know where your old computers are going, have an inventory and auditing process. This may be slow and delay the rollout of new machines, but it’s always better than having your old, or worse still an ex clients data, come back to haunt you.

At Systems Integration, we don’t just repair PCs, we offer a full range of IT services for Swindon Businesses, including safe disposal of your unwanted computers We can help with migration any needed data, help with backing up the information to your server, then wipe or destroy the hard drives for you.
We assess the age of your old computers and either dispose of them for you or point you in the right direction of computer recyclers.

Make upgrading your PCs a happy office time. Get in touch with us and let us ensure that your data remains safe and it does not come back to haunt you.

Back up or not back up? That is the question.

Back up or not back up? That is the question.

by | Sep 3, 2018 | Systems Integration

We have previously mentioned the importance of backing up and what your business should be looking for from any backup product. In May of this year, data and how everyone uses it was brought to the forefront with the introduction of GDPR, but it isn’t just personal data that we have to be wary of.
Data is collected and used in such a variety of ways that it’s very difficult for any law or industry regulation to fully encompass what and how you should backup – even when there’s expectation around data security, they can never account for your company’s exact circumstances. This month we are going to take a look at the legal implications of not doing so correctly.
GDPR

In May this year we were introduced to the EU’s General Data Protection Regulation aka GDPR. What did it mean? Basically it put every company that deals with sensitive data in the spotlight. All business need to be able to demonstrate methods of data security, retrieval, deletion and backing up. If you are assessed and it are unable to demonstrate that you have measure in place to do this you could be facing a world of pain, both for your firms reputation and for your business finances.
To put it in comparsion, in 2016 penalties for those companies who failed to protect customers data was approximately £2 million, but, with GDPR in place, those fines today would have added up to be £160million!!.
So if you were not backing up and taking care of your data before, you really need to start thinking about it. Even more so when the Information Commissioner’s Office starts investigating and implementing fines for those who don’t comply…

DOES YOUR BUSINESS WORK TO A CONTRACT?
These days most service level agreements/contracts to have penalty clauses, meaning your business could be subject to a reduced level of compensation for work done – or you could even end up paying damages if missing a target leads to adverse financial implications for your customer. Imagine being in the final stages of a project with the dealine approaching and your firms IT network is infiltrated by a virus..what do you do? If you have everything in a secure back up, nothing, simply retrieve it and carry on. You may lose a few hours work, but that is nothing compraed to having to explain to a client that their is nothing
Think about what failing to deliver in line with a contact do to your business? What would it do to the customer to whom your services or products are being delivered?
Having your data backed up would never put you in the the unfortunate position of having to explain to a client you have not met teh agreement that both parties signed up to. Pending the contract, it could also prevent any legal proceedings against your company for failing to meet any contractual agreements.

ARE YOU AN EMPLOYER?
If you have staff, then you probably pay them. These finacial details are personel, if you lose them you’re inviting the complex and swift impact of employment law.
Losing their data could lead to non-payment of wages. The result of which can be financial woes for your employees. Whether or not your staff have signed formal contracts matters very little, the act of having previously paid them means a ‘deemed’ contract has been created – which you stand to break if you lose crucial data.
It would be almost definite that you could easily collate this data again from the indiividuals, but employers who fail to pay their staff are immediately exposed to any financial penalties levied on the the employees i.e. penalties for missed loans, morgtages, bills etc.
Having your data backed up avoids all this…..

The actual cost of not backing up is huge. You can be fined, your business would be in the spotlight for all the wrong reasons and who would do business with a company that has had its data breached?
Something to ponder over is the fact that according to Ponemon Institute’s 2017 Cost of Data Breach Study: United Kingdom, data breaches cost UK organisations an average of £2.48 million..Do you have that much spare cash laid about? Doubtful….

If you have any questions on security of you IT system and how backup of your data can help save you and your compnay, then please get in touch with Systems Integration, Swindon’s IT experts and we will show you how to ensure your business and data is protected.

Is your business GDPR Ready?

Is your business GDPR Ready?

by | Apr 29, 2018 | Systems Integration

Whether you like it or not, there is a huge change coming with regards to how you operate your business. GDPR – General Data Protection Regulation is going to affect all business, from sole traders through to large corporations.
If you collect any data on customers or clients, you will need to address how that data is collected and stored.

These new regulations are really designed to stop the tech giants such as Google and Facebook from selling unauthorised data that they have collated about their users. Unfortunately though it will also affect a lot of other businesses.

What is classed as data?

Under the GDPR changes, the definition of private data includes internet browsing habits collected by website cookies, location data, other online identifiers and genetic data along with the normal things such as email address, phone numbers and bank details etc
If you do collect this data, consent needs to be explicit. The user/client/customer approve this data collection.
This also means that cold call email marketing is a big no no. Great news for most people, but not for business that rely on this advertising method.

So how do you make your business compliant?

Having a new privacy policy and asking users to read them at their leisure is not classed as consent. But there are a lot of simple changes that can make you, your website and your business compliant.

On your website, with your new/updated privacy policy, ensure that potential customers have to intentionally tick a box, and know what they are agreeing too prior to them sending enquiries.

Many business websites use cookies and analytics by default. Under GDPR, you’ll need to lead with explicit consent. This means asking users to opt-in for cookies (no more ‘by using this site you accept cookies’ notices), and ensuring any data is pre-emptively stripped of all personal identifiers before being sent to your analytics tool.

If you keep data on past clients – get rid

Going forward, everyone has the right to be forgotten and removed from any database you hold their information on.
It is now common practice for you to receive ‘unsubscribe’ links from any newsletters etc that you receive. GDPR expands this to include a right to erasure. In other words you have the right to be deleted and forgotten, not just unsubscribed.
As a business you are then required to confirm and delete their personal data, plus take steps to ensure any copies or backups containing their data are also treated.

What happens if you do lose data or there is a breach of your systems?

If you suspect there has been breach of your systems that has accessed clients data, you have 72 hours to report it. Not only will you have to report it to the relevant authorities but you will also have to inform the individuals whose data has been breached.
If you don’t do this or if your found to be non compliant, you can expect a penalty fine of up to 20 million Euros or or 4% of annual
turnover, whichever is greater.

GDPR comes into affect on the 25th May 2018, so if you haven’t already, you need to start making adjustments now.
Review your privacy policies, data collection and marketing methods. If needs be change them.

In the meantime if you are still confused about GDPR, feel free to get in touch with us. We can provide a free systems audit that will help identify any areas that could be venerable and can also supply you with the methods of correcting them.

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners. View more
Cookies settings
Accept
Decline
Privacy & Cookie policy
Privacy & Cookies policy
Cookies list
Cookie name Active

Who we are

Our website address is: https://www.systems-integration.co.uk.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

We use cookies to retain user preferences and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers. If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Visitor comments may be checked through an automated spam detection service.
Save settings
Cookies settings