Can you believe it’s been one year (on 25 May) since GDPR came into effect, tightening up laws on data protection and giving EU citizens greater control of how their personal data is used?
Yet while GDPR (General Data Protection Regulation) has vastly improved data protection and consent in the digital age, the threat and the occurrence of data violations remain high.
Only yesterday (21 May) it was revealed that Instagram has accidentally leaked the private data of some 49 million users (and growing), including many of its major influencers. It’s believed the leaked database came from Chtrbox, a Mumbai-based media company that pays influencers to post sponsored content.
Facebook, which owns Instagram, released a statement which read: “We’re looking into the issue to understand if the data described — including email and phone numbers — was from Instagram or from other sources. We’re also inquiring with Chtrbox to understand where this data came from and how it became publicly available.”
GDPR one year on: violations and fines
The Instagram leak isn’t the first major breach in data protection since the introduction of GDPR. Amazon, Apple, Google, Netflix and Spotify have all been accused of breaking the EU’s data rules. And it’s not just entertainment and social media companies at risk of falling short of data protection.
Less than five months into GDPR, on 6 September 2018, British Airways was forced to admit that details from around 380,000 booking transactions had been stolen. The data included sensitive information such as bank card numbers, expiry dates and CVV codes. The stakes were extremely high.
In fact, a report released this week by the European Data Protection Board revealed that European privacy authorities have received nearly 65,000 data breach notifications since GDPR day on 25 May 2018. This amounts to $63 million (£49.7m) in regulation fines. No small sum.
How you can protect your organisation and remain GDPR compliant
GDPR affects almost all organisations in the UK so we all have a role to play in keeping the data we handle safe, secure and protected. GDPR is an ongoing process that needs to be maintained and managed.
A recent Security Boulevard blog identified five warning signs that you may be at risk of a data breach. These included:
- Absence of mapped data flows
- Lack of staff awareness or a training programme
- Not knowing your risk and compliance posture
- Policies that are “all style, no substance”, i.e. failure to enforce procedures
- Static risk assessments that are not dynamic and continuously evaluated
Clearly, there is a need for careful data protection, planning and constant review to ensure GDPR compliance.
GDPR is not purely about technology. It is about having the correct processes, policies and responsibilities in place to ensure all the personal data you hold is controlled and managed securely and appropriately. However, technology can help simplify the processes and management.
Ways Microsoft Azure can support your GDPR strategy and prevent breaches
On-premise data is vulnerable when “at rest” as it is not normally encrypted due to performance issues of the server having to decrypt and encrypt again – this is not the case in the cloud.
Cloud solutions like Microsoft Azure provide a safe and secure environment to host your data, apps and infrastructure. Furthermore, Azure is quick and flexible when building the infrastructure needed to be compliant.
GDPR is an opportunity to “tick several boxes” at once and cover off a multitude of issues such as database management, user access, and storage and performance issues. Azure SQL is always updated with the very latest security features to help you remain GDPR compliant now and in the future.
Azure can also help with data automation. A useful tool is Azure Information Protection, which automatically sorts data into categories, i.e. PID, users’ data and customer personal info, so that appropriate measures can be applied depending on the risks associated with each group.
How can Trustmarque help?
Together we’ll ensure that your IT estate is not only GDPR compliant but runs efficiently by reducing waste, streamlining processes and securing your data. We can help you remain GDPR compliant through harnessing the power of Microsoft Azure with our Azure Solutions migration and optimisation services.
We can also provide a Cloud Security Assessment that will help define your security strategy, providing an end-to-end security review of your whole IT environment.