
The GDPR and PCI DSS compliance

A new data protection regulation comes into effect on May 25, 2018. For many companies this may not even be on their radar, but for others it may be more complex. Simply put, the General Data Protection Regulation, or GDPR, is meant to provide added data protection for EU citizens in any country where their personal information is accessed or stored. It will give individuals easier access to their own information, and the power to have it removed or amended if they so desire. It also puts the onus on the holder of the data to back up its storage with adequate security.

Intended to improve existing data security practices and give individuals greater control over their own data, the GDPR puts a lot of pressure on organisations to become compliant. If your company takes credit or debit cards, there is the added concern of aligning PCI DSS (Payment Card Industry Data Security Standard) compliance with the GDPR. The difference between the two is that the GDPR deals with personal information and PCI DSS deals with payment card information, but the two go hand in hand.

How managed security service providers can help

There are three basic steps to PCI compliance:

  • Review: examine all potentially vulnerable points
  • Repair: patch any vulnerabilities, and discard unneeded data
  • Report: fully document all incidents and report to compliance authorities

While staying compliant with the PCI DSS regulations might seem simple enough, is your company able to keep pace with the latest threats and potential security breaches?

Some of the ways you will need to protect your payment card data include:

  • Maintain an adequate firewall
  • Know where your data is being stored and processed
  • Encrypt all data that travels across an open network
  • Use anti-virus and anti-malware software and hardware, make sure it is always up to date, and always document the updates
  • Secure all applications and systems
  • Use dual-factor authentication for system access
  • Restrict physical access to servers and anywhere private data is stored
  • Monitor and track all access to cardholder and payment data
  • Test security systems on a regular basis
  • Establish and uphold a strict security policy for your entire workforce
  • Never rely on default system passwords, and change passwords regularly
  • Use a managed services provider to oversee your data security compliance

Even if you understand the need for PCI compliance, reaching and maintaining a high level of IT security is something of a speciality. A persistent threat or a highly advanced malware attack, such as the recent ransomware attack that affected more than 200,000 computers, could quickly destroy your business and its reputation.

With so many new threats, hacks and sophisticated cyber-attacks rearing their heads every single day, a managed services provider with a focus on IT security can help protect your systems from every angle. They can apply the latest research and solutions to the problem, and provide you with a customised approach tailored specifically to your business and its needs.

Allteks: how we can help with your PCI DSS compliance

In light of the new compliance regulations, and especially since the threat of unknown perils continues to encroach on our online security, wouldn't you sleep better at night knowing your customers' data was safe? If you are concerned about IT security and want to ensure you are compliant with all of the new data protection regulations, call to speak to one of our security specialists today.
