General Data Protection Regulation
On this page we will show how we comply with EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”).
Also on this page, we explain how we can help your business comply with the regulation. The image below shows our thought process with regard to GDPR.
Updated 30th Jan 2018
If you are in business then you will have heard of GDPR. This is a law that will affect all businesses, and all need to make changes to meet the legislation. If this is news to you, act now or face a potential fine of up to *€20 million or 4% of turnover.
It is up to you, the business owner and business manager, to ensure you have taken steps to protect the data you hold. If you are unsure, we can advise and help you with the technology you use. This is not just about big databases of personal details but could be as simple as an email sent to the wrong person or losing a computer that is unprotected.
Malware is everywhere and a very large and constant threat comes from spoofing emails and the like. You need to be exceptionally careful or you need to buy in the tools that will help protect you. It is imperative that all staff are trained and understand your company policies on data safety.
As an example, the following are just some simple rules for passwords.
What we do …
As a hosting and IT company, we set up hosting, websites and email accounts every day. This means that we have to manage a large number of passwords and other credentials. The following explains how we deal with these and what you will need to do to access your secure information.
All data we keep to manage our own accounts and those of our clients is kept in a secure password safe. This is protected by a number of security features, including but not limited to encryption, 2-factor authentication, geographical access restrictions and more.
Passwords generated for our client email accounts are not accessible by us. Once generated, we can no longer see them. All users should update their own passwords and keep these in a secure password repository. We can offer advice on this. You should never use the same password twice, or use a system to remember or simplify passwords. We have a generator on our site here. All password management systems have the ability to generate random passwords and to store them.
We do not store any data in our browsers.
Passwords and access credentials to sites we develop are stored in our electronic password store and within our site management system. The site management system is protected by 2-factor authentication and 256-bit encryption. Access to our management system is restricted geographically.
Any emails containing passwords are deleted.
Where we provide IT support and can link to your machines, our system uses 2-factor authentication and 256-bit encryption.
We do not store data any longer than we need it. We delete all data that is no longer needed.
What should you be doing …
For the safety of all, we would prefer you adopted password procedures similar to ours, but as a minimum, you should do the following:
Adopt a password policy and use a facility such as OnePass, KeePass, LastPass or Keeper Security.
When you are sent a password on a new system, once you have accessed the system, change the password.
If we need to access your system, we will ask if we can reset the password and once we have completed any work, you should reset the password again.
If you are using a backup system, ensure the data stream is encrypted where this is an option.
Do not share passwords.
As an IT supplier, we recommend and can supply a number of products that will go some way to protecting data. For example, if you use Office 365 and have a protection suite such as Kaspersky or Sophos, then you will have some of the tools that help with this. You need to do more, and a good place to start is to carry out an assessment.
If you haven’t yet completed a GDPR assessment, a good guide is available free of charge from Kaspersky.
If you do not have the appropriate legal documents, we can provide these and update your site. Prices start at just £50. Please ask for a quote.
We have the following basic documents, each of which can be tailored to your needs.
Temerity Media Ltd is a Microsoft Partner and so can provision and support all Microsoft products. We also provide Kaspersky licences and manage these centrally. If you need a licence for Kaspersky, please let us know in the next month so that we can make that provision. Our licences run from April through March each year. Existing users will be contacted before the current licence expires.
*The higher amount will apply.
Do you use our eNewsletter system to contact your clients? If so, you can update your sign-up form to include checkboxes and links to your Privacy and Cookie policies.
Please check out these resources
Resources off site which may be of use:
Microsoft Compliance Journey – Microsoft 365: If you want to know more about Microsoft 365 and how we can help you implement enterprise-grade services, call us.
A US view of GDPR: This is a great introduction as to why you should love GDPR both for yourself and your customers.