How the right data storage provider solves your business’s GDPR security and breach compliance problems
Welcome
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
Mark Gracey, mark@digitalcompliance.co.uk, Founder, Flavourfy Digital & Digital Compliance Hub
Salim Benadel, salim.benadel@storminternet.co.uk, Founder & MD, Storm Internet Limited
What GDPR security issues? What do I need to worry about? How can I comply?
GDPR Compliance
Data protection basics
Key Data Protection Definitions
• Personal Data
• Processing
• Data Subject
• Data Controller
• Data Processor
The Principles of Data Protection
• Lawful, fair & transparent
• Specific purpose
• Relevant
• Accurate
• Retention
• Security
• Individuals' rights
• International transfer
GDPR = Accountability
What’s changing with GDPR?
GDPR: What’s changing?
GDPR, May 2018
• Scope
• Accountability
• Children
• Consent
• Rights
• Processors
• By Design
• DPOs
• Breaches
• Fines
What’s changing?
Accountability
• Demonstration of compliance
• Record processing activities
What’s changing?
Third-party Processors
• Are they compliant?
• Contractual terms
• Processor liabilities
What’s changing?
Fines: up to 4% of global turnover or €20m
GDPR & Security
Security principle
Processing must be secure: protection against unlawful processing, accidental loss or destruction. Principle of “integrity and confidentiality”.
Security principle
• Controller & Processor responsibilities
• Data protection by design & default / DPIA
Security principle
Security of processing
• Anonymisation of data
• Encryption
• Integrity of processing systems
• Disaster recovery
• Technical effectiveness & testing
• Risk based assessment
When it goes wrong: Breach notification
Breach notification
Breaches
• Breach notification to regulatory body within 72 hours
• Breach notification to data subjects when “high risk” without “undue delay”
• Documentation and recording of any breaches
GDPR & Security in Practice: Storm Internet
Cloud data security and GDPR compliance
Salim Benadel, Founder & MD at Storm Internet
• Working commercially in IT for past 20 years
• Involved with the Internet since 1999
Storm Internet
• Keeping servers and hosted data safe, secure and running fast since 2004
• 3500+ customers predominantly based in the UK
• Hosting over 10,000 web sites
• Use only UK data centres guaranteeing data sovereignty, giving you peace of mind that your data will never be transferred outside of UK borders.
Industry Awards & Recognitions
2017
- ISPA Award Winner - Best Cloud Product
- ISPA Award Winner - Best Host
- ISPA Finalist - Security award
- SVC Awards Runner Up - UK Managed Services Provider of the Year
2016
- ISPA Award Winner - Best Cloud Product
- ISPA Finalist - Best Host award
- ISPA Finalist - Security award
- ISPA Finalist - Best Business Customer Service award
2015
- ISPA Award Winner - Best Business Use of Cloud
- ISPA Award Runner Up - Best Dedicated Hosting
- SVC Awards Runner Up – Hosting Provider of the Year
- SVC Awards Finalist – Cloud Company of the Year
- SVC Awards Finalist – IaaS Solution of the year award
- SVC Awards Finalist – Managed Service Provider of the year award
2014
- ISPA Award Winner - Best Dedicated Hosting
2013
- ISPA Award Winner - Best Business Hosting
Agenda
• How your hosting provider can help you to meet your compliance requirements
• How Storm can help to protect your business
How your hosting provider can help you to meet your compliance requirements
Data Controllers (you) need to carry out due diligence to show they’re using GDPR compliant Data Processors.
• Your Hosting provider (who is a Data Processor for you) can usually help you satisfy this criterion by providing you with a detailed “GDPR statement”.
• A GDPR Statement specifies exactly how that company handles data they receive from you and will be in line with GDPR policy.
• Other examples of Data Processors you may use and will need to check:
- Card payment providers
- Customer Relationship Management (CRM) systems
- Mailing systems (MailChimp etc.)
- Data Backup providers
- In short, anyone who stores or receives personal data on individuals from you
How your hosting provider can help you to meet your compliance requirements
• Storm will be fully GDPR compliant from February 2018
• Our GDPR Statement will be available from 05/02/18
Using Storm means you are able to demonstrate that you are using a GDPR compliant provider.
How Storm can help to protect your business
The other risk… A Data Breach
The problem this causes
• A lot of hassle & productive time lost informing customers and the Information Commissioner and ensuring GDPR procedures are followed correctly.
• Reputational damage to business due to your client data being breached.
• Loss of trust from your clients.
• Fines from the Information Commissioner’s Office (ICO) if procedures are not followed correctly.
• Risk from other legal liabilities such as being sued.
• Large fines if unable to demonstrate that expected precautions were taken to ensure the risk of this happening was minimal.
Some examples of data breaches that have occurred recently…
• TalkTalk
Damage: Personal details of more than 156,959 individuals accessed
Penalty: £400,000 fine issued
Attack method: Exploited out-of-date database (gained from acquisition of Tiscali) via vulnerable web page
• Nottinghamshire County Council
Damage: Personal details of over 3000 individuals posted online
Penalty: £70,000 fine issued
Attack method: Poor web site security
• Carphone Warehouse
Damage: Details of more than 3m individuals accessed, 18,000 of which contained payment card info
Penalty: £400,000 fine issued
Attack method: Exploited out-of-date WordPress plug-in
• Berkshire-based small business, Boomerang Video Ltd
Damage: Personal details of over 26,331 customers accessed
Penalty: £60,000 fine issued
Attack method: SQL Injection attack via web site
• Many more examples can be viewed on the Information Commissioner’s Office web site https://ico.org.uk under their News section
The ICO’s view…
“Regardless of your size, if you are a business that handles personal information then data protection laws apply to you. If a company is subject to a cyber attack and we find they haven’t taken steps to protect people’s personal information in line with the law, they could face a fine from the ICO. And under the new General Data Protection Legislation (GDPR) coming into force next year, those fines could be a lot higher.”
Sally Anne Poole, ICO enforcement manager, 27 June 2017
So what are the steps expected to “protect people’s personal information in line with the law”?
If you suffer a data breach and are investigated by the ICO, your data security is likely to be benchmarked against the 10 Steps to Cyber Security as published by GCHQ’s National Cyber Security Centre.
Storm offers services covering ALL points relating to server security compliance.
This focuses on the following 10 key areas:
• Risk Management
• Secure Configuration
• Network Security
• Managing User Privileges
• User Education & Awareness
• Incident Management
• Malware Prevention
• Monitoring
• Removable Media Controls
• Home and Mobile Working
Meaning…
In the event of a data breach subsequently investigated by the ICO, you can demonstrate that you had done everything possible to secure your server and systems to the highest level possible.
Which means…
• Significantly less chance of incurring fines from the Information Commissioner's Office (ICO)
• Lower risk of reputational damage to business as security was as strong as was currently possible
• No embarrassing stories published demonstrating company’s weak security policies
• Significantly lower risk from other legal liabilities such as being sued
But more importantly…
It means that your chance of ever suffering a data breach in the first place is as low as possible
We’d rather be proactive than reactive
So how do we help you achieve this?
• Over 14 years’ experience and know-how securing commercial enterprise level servers & systems
• We have strategic partnerships in place with a number of the best cyber security firms in the world.
- Including Security Metrics, Cloudflare and shortly, Sucuri.
• A range of services to effectively protect against malware, ransomware and viruses.
• Firewall services to protect your web site from code injection style attacks such as SQL Injection and Cross-Site Scripting.
• Managed PCI (Payment Card Industry) vulnerability scanning and certification services.
• 24/7/365 Security and Uptime monitoring backed by an always available expert server support team.
• Disaster Recovery - Managed backup services ensuring your data can be restored in the event of data corruption.
• A flexible range of Managed Hosting support levels.
• We are growing our services in this area all the time.
So how do we help you achieve this?
2018 will see…
• More of this functionality added directly to your Storm Account Portal
• Security scoring for all of your web sites and servers
- Any areas we see as vulnerable or needing attention will be highlighted in real time.
• Portal will be enhanced further with our “GDPR Security Centre”.
- All the things you need to ensure you are covered, in an interactive checklist-style format
A couple of things you can do right now to improve security for free…
• Ensure Operating System Auto-Updates are always enabled for all of your devices.
- servers, desktops, laptops, tablets and smart-phones etc.
• Ensure CMS software security updates are always enabled. E.g. for WordPress.
• Use the Storm Portal to improve security on your web site by running it through Cloudflare for free.
• Look at our Web Application Firewall service to filter out malicious Code Injection attacks to your web site.
• Install an SSL Certificate on your web site.
• Enable our PCI vulnerability scanning and certification service in order to secure your server or web site to PCI levels.
And finally, if you need any advice, talk to us!
We’re here for you 24/7/365
Thanks for listening!
GDPR & Security: How Digital Compliance Hub can help
Digital Compliance Hub – Managing your compliance
• Data Protection & GDPR
• Privacy & Marketing
• Web, Data & Cyber Security
Info, guidance, toolkits, advice, support & training
https://digitalcompliancehub.co.uk
Flavourfy Digital Consultancy
Compliance
Audits
Management
Consultancy & Advice
Training
Digital Compliance Hub
mark@flavourfy.co.uk
https://flavourfydigital.co.uk
Questions?
Mark Gracey, mark@flavourfy.co.uk, https://digitalcompliancehub.co.uk
Salim Benadel, salim@storminternet.co.uk, https://www.storminternet.co.uk
