With the General Data Protection Regulations (GDPR) deadline only a few months away, we've been chatting to CyberShelter; a data protection and security auditor. CyberShelter are trying to take the stress out of these new regulations, and are offering free consultations to businesses who need a little extra help.
Martin Hart and Karen Carr started CyberShelter last year to help businesses get to grips with data protection. With over 30 years’ experience working in IT, Martin and Karen have been securing businesses up and down the country, making sure that every company is GDPR compliant.
'A lot of people don't understand that the GDPR only applies to personally identifiable information,' says Martin. 'And some people don't understand how the GDPR relates to their business. There's a lot of misinformation out there. But we can help businesses through all of that, and make this transition much easier for them.'
'People are very concerned that once they unravel it all, and try to meet all the regulations, they won't be able to cope,' says Karen. 'But that's why we're here, to take the stress out of it all. And it's not just GDPR compliance that CyberShelter do. It's security audits, backups, disaster recovery. We look at every security aspect of your business.'
So how does CyberShelter work with businesses?
'The first thing we do is have a quick chat on the phone,' says Martin. ' We get a sense of what data the business is gathering, how they use that data, if they're gathering personal data. We identify whether they need to be GDPR compliant.'
'Next, we go and visit the business. At this point we need to know how many computers they have, how many desktop machines, what sort of servers they have, whether you're hosting your own server, if it is in the cloud - we take notes of everything that business has and uses. After gathering this information, we can then give the business a quotation.’
‘Our audits are comprehensive. We check anti-virus, and we check that the database is downloaded regularly. How many emails are being sent, and whether they include sensitive data, because that might need to be encrypted. We check the operating systems, each machine and device for firewalls, updates, patches, making every computer as secure as possible.'
'On top of that, we think about what happens if something does go wrong. How a business will recover when a server gets hit, or a backup fails. These things are important to consider, because businesses must be aware of how a system failure could affect their business.'
'At the end of all that, we write a report with all our recommendations. We don't sell hardware, so when we're advising businesses on what changes they need to make, or what software they need to install, we're not making money. It's just honest advice, with no strings attached.'
What makes CyberShelter different from other security auditors?
'As well as the actual GDPR compliance documentation we want to give businesses more value for money, so part of the documentation CyberShelter produce includes the business' IT overview,' says Martin. 'It includes everything; where your backups are, what to do in case of a failure, what to do in case of a data breach. With our audits, businesses have something they can physically see the value in.'
'And once we've created the report, we don't just disappear,' says Karen. 'Data protection is continuous, so we wanted there to be an ongoing relationship between CyberShelter and every business we work with. We visit the business every three months or so, to make sure everything is still working as it should and they are still GDPR compliant.'
Once businesses are GDPR compliant, will their data be completely secure?
'No system can be guaranteed, 100%,' says Martin. 'The analogy I use is your house. If someone really wants to get into your house, they'll find a way to get in. But if you've got burglar alarms, if you've got British standard locks on your doors - they'll see how difficult it is and just move onto somebody else.'
What would you say to businesses who feel overwhelmed by the GDPR?
'I'd say that this is a positive move, for all of us,' says Karen. 'For example, as a customer, under the GDPR I'm only going to get information that I want to receive. And as a business, I'm only going to be sending emails to people that want to read them - because GDPR requires you to ask customers to opt-in to receiving emails from you, rather than opt-out.'
'If you're sending out thousands of emails, and they're being immediately deleted by those recipients, it's a waste of time and energy. This is a great opportunity for businesses to say, we are being responsible, we are now GDPR compliant and that's why we're checking to see whether you'd still like to be on this mailing list. Communication between businesses and customers is going to be a lot more secure, and a lot more effective.'
'It's a new law, embrace it. And make it work for your company and your customers.'
And what would you say to a business who said they couldn't afford to be GDPR compliant?
'Whether you think GDPR is a good thing or a bad thing, as a business owner you have to be responsible,' says Karen. 'Consumers are becoming more and more interested in how their data is protected. If you lost that reputation with your customers, how much would it cost you to build that back up? Would you work with somebody who lost your data?'
'I'd say, if you think being GDPR compliant is expensive, try not being GDPR compliant!' says Martin. 'See how expensive that can get!'
'It's going to future proof your business, it's as simple as that,' says Karen. 'You're telling customers that you adhere to GDPR guidelines and that you’re a custodian of their data, you're making sure they know you take data protection seriously. It will improve communication, and it will improve your business and customer relationships.'
For a free consultation, contact CyberShelter on 0330 223 4090 or at info@cybershelter.co.uk