Posts

The down & dirty guide on developing a backup strategy

People who run small businesses have a huge number of tasks to attend to every day, from hiring decisions to customer service to budget reviews. So, preparing for data loss can get lost in the shuffle.
After all, the notion that your company could lose all of its data might seem far-fetched, especially if you have defensive security precautions like antivirus software in place. You might conclude that your time is better spent focusing on products, services and day-to-day management duties.
However, data loss afflicts companies of all sizes, including those that seem secure. And, once your customer, employee or business information is compromised or lost, restoring it can be nearly impossible. Daily operations and transactions can immediately come to a standstill, and you could go out of business in a short period. In other words, disaster planning is critical.
Indeed, quite a few scenarios can lead to data loss, so understanding the most common ones is an important first step.

Physical server destruction

A natural disaster like an earthquake or hurricane could demolish your server environment, wiping out your data in the process. Furthermore, even without a natural disaster, the building it’s located in could suffer a fire, flooding or roof collapse, damaging the hardware that carries your critical files and systems.

Ransomware

Ransomware is becoming more and more common. When malware strikes a company’s digital infrastructure, it encrypts all of its data, rendering that material unusable. To get the perpetrators to unencrypt the data, the business must pay a sizable ransom, most likely with a cryptocurrency. Even if the payment is made, however, there is no guarantee the criminals will make good on restoring the seized data.

Errors and malfunctions

Employee error is a major cause of data loss. It’s all too easy for a worker, especially someone who’s tired or whose mind is elsewhere, to accidentally delete or overwrite a crucial file. A staff member could also physically damage a file by, say, spilling coffee on a laptop, exposing a machine to a power surge, or dropping an important computer.
In addition, hardware can fail. Software can be corrupted. A system could crash. The power could go out before a certain file is saved. Even if you ultimately recovered your data after such an event, you’d still have to face a costly stretch of downtime.

Choosing a data backup strategy

With all of these dangers lurking, it’s good business practice to develop a data backup plan as soon as possible.
Your backup data could be stored on the cloud, a vast system of secure virtual servers. And, as you’re sending your private information to the cloud, it can be encrypted to prevent outsiders from viewing it en route.
Another possibility is copying your data to onsite hard drives, which would remain locked in a climate-controlled, restricted-access storage facility. This option is economical and makes your data easily accessible, but you’d still have to worry about a natural disaster or other calamity striking your storage unit.
Of course, you don’t have to choose between these courses of action. The best strategy is to ensure redundant backups across different locations and methods, including the cloud and a secondary, on-premises server. Depending on your priorities and needs, you can update your approach based on latest trends in backup.
Moreover, you needn’t make this decision on your own. Instead, IT managed service providers can analyze your network and your business needs, walk you through your various options, ensure that your disaster plans don’t have any major flaws and help you determine the best backup solution for your company.
In the end, there are many reasons to develop a strategy for data backup, including regulatory compliance and simple peace of mind. The information you collect and curate over time makes all of your business operations possible. No entrepreneur should ever have to discover that, in an instant, it’s all disappeared.

5 reasons why you need a backup service, even if you’re using Office 365

Enterprises around the world continue to move key applications to the cloud. But the speed and scope of migration presenting new challenges regarding data protection, service delivery, and compliance.

While most organizations have developed robust on-premises backup solutions, the failure to protect cloud data and ensure the availability of key services is widespread and incredibly alarming.

Contrary to popular belief, Office 365 and other software as a service (SaaS) models provide no real internal backup solutions. While Microsoft has sound internal security and is capable of managing Office 365 infrastructure, third-party services are needed to ensure comprehensive data protection and compliance. Let’s take a look at 5 key reasons why you need a dedicated backup service when you’re using Office 365.

1. Protection against internal accidents and threats

Content and events brought to you in partnership with Veeam Software

Regardless of how careful you are with your data, accidents can and do happen. Whether it’s the accidental deletion of a user, the incorrect merging of fields, or the failure of a key service, accidental deletion can be replicated across an entire network and lead to serious problems.

Simple accidents have been responsible for serious damage over the last few years, with an outage on Amazon Web Services costing up to $150 million dollars in 2017.
A backup service can restore data and services quickly and with minimum disruption, either to the on-premise Exchange or the Office 365 cloud network. In addition, dedicated backup services can protect you against internal security threats and manage the risk of malicious data loss or destruction.

2. Protection against external security threats

Along with internal security threats, many businesses have experienced a rise in malware, viruses, data theft and other security threats from the outside. Kaspersky blocked almost 800 million attacks from online resources across the globe in the first quarter of 2018 alone.

While Microsoft 365 and other cloud suites do have some security controls, they’re not robust or reliable enough to handle every case scenario. Having access to a high-grade, third-party backup service is the best way to reduce your exposure and manage the risks associated with data loss and destruction.

3. Retention and recovery management

Cloud-based services are popular for many reasons, with Office 365 and other solutions featuring better integration between applications, more efficient data exchange and delivery, and the ability to utilize transparent services regardless of location.

Many of these benefits come at a cost, however, with enterprises losing control over data retention and recovery. While Office 365 does have its own retention policies, they are ever-changing and difficult to manage. In fact, confusing and inaccessible data retention is one of the reasons why so many businesses refuse to move to the cloud.

You can have the best of both worlds with backup solutions that provide you with complete control over data retention and recovery management.

4. Legal and compliance obligations

In addition to running a business and ensuring access to key data and services, organizations have a responsibility to meet certain legal and compliance obligations.

A cloud backup service allows you to retrieve important data instantly and with minimal disruption to critical business systems.

Whether it’s retrieving user data for law enforcement, accessing your mailbox during a legal action, or meeting regulatory compliance standards, dedicated cloud backup makes it easier to meet your responsibilities.

5. Managing the migration process

With more businesses moving to the cloud all the time, the migration process is often presented as a seamless and natural transition.
While the benefits of SaaS are valid and well-known, managing hybrid email deployments and other critical services during migration can be more challenging than Microsoft would have you believe.

Whether you want a dedicated cloud solution or a mix of Office 365 and on-premises services, backup solutions like Veeam (our recommended solution) allow you to protect and manage your data during and after the transition in a way that makes the source location irrelevant.

7 typical disaster recovery plan mistakes (and how to fix them)

A disaster recovery plan is just one step in an approach to keeping your business running well. Cyberthreats aren’t going away and new threats emerge all the time. Complete data protection requires a robust plan that includes everything from backup and disaster recovery to business continuity.

If you’re serious about crafting a disaster recovery plan that will protect your business, there are some common mistakes you’ll want to avoid. Here are 7 pitfalls we see businesses get sidelined by on a regular basis—and how you can overcome them.

  1. Not having a plan at all

The only thing worse than a disaster is a disaster you’re totally unprepared for. If disaster recovery is totally new for you, don’t sweat it. Start by reading our guide to completing a disaster recovery plan.

  1. Not clearly noting who is responsible for what

It’s natural to focus your data recovery plan on the data, itself, including the hardware and cloud storage you depend on. But what will keep your business going is your people.

If you have a managed IT services provider, they can certainly help, but it’s not all on them. That’s because this is about your business.

For each step of data recovery, you need to know who will be affected and who will be responsible. Consider management, employees, departments and sometimes even customers.

  1. Not having a plan for communication (internally & externally)

An easy mistake to make is assigning roles for each task but not considering how people will be notified of the step in the process.

Your communication plan can take many forms, from modern solutions like mass notification through SMS messages to an old-fashioned phone tree. The specific tools you use doesn’t matter nearly as much as having a clearly-outlined plan well in advance.

Make sure everyone in your organization, as well as your managed IT services provider, is included and informed.

  1. Not identifying critical processes

It’s easy to get stuck in the weeds. You know the systems you use, as well as the pitfalls and obstacles associated with each. But don’t forget the goal: business continuity.

Everything you do isn’t critical. Evaluate each process your company relies on and ask yourself what will happen if each of these processes goes offline. Having taken into account the risk associated with each process, decide which processes absolutely have to stay up and running.

Those are your critical processes. Your business continuity plan should focus on maintaining them.

  1. Not having key buy-in

Disaster recovery plans affect the whole business. Because that’s true, it’s important to keep leadership in the loop about the plans and the risks.

If you’re not sure where to start, consider checking out this resource: 4 cybersecurity facts your company’s leadership team should know.

But don’t stop with the leadership. From there, make sure that everyone in the organization knows what your business continuity plan is and why it matters.

  1. Not monitoring, testing & updating

A good disaster recovery plan is active.

You should be monitoring and testing. Monitoring your network will make you aware of potential issues before they have a chance to take your network offline. Proactive in testing also helps to identify potential, as well as giving you a better picture of overall risk. And system updates mitigate vulnerabilities and ensure functionality.

As your system updates, don’t forget to update your recovery plan to match your newly patched system.

  1. Not mitigating risk

Disaster recovery isn’t just about preparing an inevitable emergency. It’s also about mitigating negative impact whenever possible.

A recent example of the power of mitigation is the MyHeritage breach over the summer. It affected a massive 92 million customers. But through smart, thoughtful systems design and preparation, the damage was minimal. MyHeritage didn’t store passwords directly, but rather in a one-way hash unique to each user. As a result, the breach did not actually compromise the passwords. Further, they didn’t store personal information (like credit card numbers or family tree information) that they didn’t need to maintain.

This kind of thorough, thoughtful systems approach lowered their overall risk well ahead of time. The breach they experienced could have been devastating. But their strategy turned it into a relatively minor inconvenience rather than a true emergency.

The post 7 typical disaster recovery plan mistakes (and how to fix them) appeared first on ISG Technologies.

Source: my isg

The 4 best cloud backup solutions for small businesses

There are several reasons to consider a cloud backup for data protection for an SMB. These include everything from ease-of-use to cost-effectiveness. But perhaps the most compelling reason simply this—it’s wise to be ready for whatever the future holds.

That’s what data backup is. Preparation for the unexpected.

You can’t guarantee the security of your company’s data if you aren’t ready for natural disasters, cyberattacks and even simple human error. Any number of things could compromise your company’s data, which is why it’s so critical the regularly back up everything.

Cloud computing offers an easy, efficient, secure option for backing up your data, thereby reducing or even eliminating downtime.

But what backup service is the right one for your business? We took a look at some of the most popular and weighed their potential benefits for your SMB.

Veeam

Veeam is a service that focuses heavily on data availability. While it can function as a no-frills backup from day one, it comes with so much more. Many companies, even SMBs, choose to take advantage of Veeam’s five-step process, moving their business toward Intelligent Data Management.

What is Intelligent Data Management? Not only is your data instantly available all the time, split up across multiple clouds so that it resides where it’s both accessible and safe. Veeam’s advanced backup option will also utilize automation to ensure your data is optimized for use and recovery at a moments’ notice.

That’s convenience that pays off.

From small businesses to universities to the Fortune 500, more and more businesses are trusting their data with Veeam. There are a few different tiers of data protection plans available. Find the license that works for you and scale upwards if/when you need to.

Additionally, Veeam is continually updating and adding functionality to its service. You’ll always have the cutting edge of data security.

Carbonite Online

Carbonite Online employs a wide-net approach to data security. Rather than defaulting to backing up a computer in its entirety, Carbonite backs up what it decides is most critical and relies on the user to further fine tune the process.

It’s a process that works well if you’re using a lot of standard folder designations such as My Documents. In fact, in that case it’s a real time-saver. But if you working out of a more customized setup, you may find it frustrating.

Carbonite uses Continuous Data Protection (CDP) to handle backing up rapidly changing data files more or less constantly. If a file changes within a designated folder, it’s backed up quickly. This is very convenient for users who can’t afford to rebuild a recently-lost file, but need their most recently worked on version recovered as quickly as possible.

Pricing isn’t exactly cheap, but arguably worth it if it’s a good fit.

SOS Online Backup

Is security one of your biggest concerns? SOS bills itself as a backup solution that’s all about security. (Though, in fairness to the other solutions listed here, security is big for everyone.) SOS’s security features range from password protection to privately managed keys and multi-layered 256-bit encryption.

SOS will simultaneously backup to a local hard drive or other computer over your local network for quick retrieval. Like Carbonite, SOS backs up what it considers to be the most important data. You’ll need to customize these settings if they don’t work for you.

The pricing is good—that is if you’re not transmitting massive amounts of data. Yearly subscriptions save you some money over monthly options.

iDrive

While certainly not the least expensive choice, iDrive is still reasonably affordable and comes with enough options to warrant a spot in our top-four roundup.

Among its most well-liked features is the availability of client software for nearly every type of PC and device. In addition, extra storage enables syncing all PCs as well as mobile devices. As with most of these services, iDrive utilizes CDP options to keep your backup files as current as possible.

iDrive includes several choices for single user plans which will cover an unlimited number of computers and devices. The business user plans also allow for an unlimited number of users, although storage is limited by pay-tier.

Know what you need

When considering your choices for a data backup service, you’ll want to keep a few things in mind. Examine your needs and compare them to what the various services offer, and at what costs. Among things to look at, include:

  • Operating system and device support
  • Privacy and Security
  • Storage capacity
  • Speed
  • Features
  • Reliability
  • User-friendliness

Once you’ve mapped out your needs and budget, compare them to this list and see which service lines up the best for you.

 

Why patching should always be a priority for IT network health

Having a sound IT infrastructure is crucial for every organization.

From network security to hardware and software implementation, your IT plan should always reflect company objectives and directives. But you also need a safe and secure operating platform.

That’s why patches should never be overlooked when it comes to network health and digital environment stability.

“Software updates are important because they often include critical patches to security holes.” – McAfee

What can patching do for my IT services?

Patches are software updates for your OS and other executable programs. Patches offer temporary fixes between full releases of software packages. Similarly, they can help maintain your IT network stability via.

Here’s some of what patching typically addresses:

  • Software bugs fixes
  • New or updated drivers
  • Fixes for new and existing security vulnerabilities
  • Fixes for software stability issues
  • Automatic upgrades for software and apps

Related: The CIO’s guide to lowering IT costs and boosting performance

Will patching tackle the latest viruses and malware?

While antivirus applications are part of any IT security package, patching is designed to integrate with existing systems and improve usability across the board.

At its core, software patching is essentially a convenient way to update applications and supporting data. This, in turn, updates, fixes and improves overall performance. These updates fix bugs within your software and IT infrastructure, resulting in safer and more efficient digital workspaces.

That said, patching does play a key role in vulnerability management.

With digital intrusion and network hacking at an all-time high, you need a timely, effective solution for implementing corrective measures. Sadly, most clients tend to overlook the importance of patching for mitigating risk.

Patches benefit your IT network in the following ways:

  • Identify and mitigate network security vulnerabilities.
  • Facilitate the seamless integration of operating systems and software apps
  • Ensure critical business processes and protocols run smoothly
  • Provide another critical layer of cybersecurity protection
  • Stop malware, viruses, adware and even ransomware from quietly running in your background systems

Looking for a complete cybersecurity plan? Check out The 2018 cybersecurity handbook.

How are patches delivered to my IT network?

Security and network patches are automatically inserted into codes of your existing software and apps.

This is done with little-to-no interruption of your daily business tasks, though there are times when patching requires user permission. In many organizations, patches are handled by the in-house IT teams or by the organization’s managed IT services provider.

Patching is essential for system success

The important thing is that you don’t ignore patching. Because patches rarely feel critical in the moment, it’s surprisingly easy (both for IT departments and individual users) to simply put off the patching process. That has the potential to leave you open to all kinds of nasty vulnerabilities.

Patching your programs may not seem all that important, but it really is vital to your overall network health.

“The takeaway for CIOs: Keep your work computers updated with patches on a regular basis and apply emergency patches as needed.” – CIO

The essential components for complete ransomware protection

For criminals, ransomware is big business.

The methodology is simple: attackers target a company with malware which encrypts their data, then send a request for money, usually in the form of Bitcoin or another difficult-to-trace cryptocurrency. Should the company refuse to pay up, their data will remain encrypted and inaccessible. Or it might even be shared publicly on the internet.

Given the potential damage both financial and reputational that might result, it’s no wonder that many companies choose to pay the ransom.

Kaspersky Lab noted a thirteen-fold increase in ransomware attacks in the first quarter of 2017 compared to the previous year. With the average cost of a ransomware attack sitting at over $1,000, the danger is a significant one . . . and no company is safe.

Victims range from small businesses to huge organizations, such as the UK’s National Health Service and aeronautical engineering firm Boeing. Whatever the size of your company, protecting data against ransomware is every bit as essential as physically protecting your premises from burglars.

Here are four things you can do to ensure that you are effectively protected against ransomware.

Backup everything, often

A robust backup plan can make all the difference to a company hit by a ransomware attack.

Rolling back to a previous version may make it possible to avoid paying the ransom and resume normal operations. But beware. Ransomware is becoming increasingly sophisticated. Many new viruses are designed to seek out backups and encrypt those as well.

To avoid this worst-case scenario ensure that you employ a backup solution with versioning or one that is physically disconnected from your system, like a cloud backup solution.

Train your staff

Every staff member in your organization is a potential entry point for malware. Many attacks still succeed largely due to human error.

Indeed the “WannaCry” attack which struck Boeing was transmitted by means of a zipped file attached to an email. In order for the malware to take effect, an employee within the organization had to unzip and run the file.

Train your employees to identify fake emails and encourage a culture of double-checking the origin of any suspicious attachments. Also, establish robust procedures for employees to follow when they think they might have exposed a device to malware. A swift response can isolate the machine in question and potentially save thousands of dollars in damages.

Stay up to date

There are many reasons to keep the operating systems, browsers and plugins up to date. Ransomware prevention is just one of them.

Many ransomware attackers gain entry to a system via weaknesses inherent in out-of-date plugins and other tech. By recommending (or, better yet, enforcing) updates, you can stay ahead of the criminals and keep your sensitive data secure.

Employ ransomware protection

Last, but by no means least, you should ensure that every machine (even personal devices used for work purposes) in your organization is running malware protection software from a reputable provider. While no program can prevent every single attack, most will be able to guard against a whole raft of common exploits.

If the worst does happen . . .

If you are subject to a ransomware attack and cannot recover your data from backup, your options are limited.

Paying the ransom might seem like the most sensible course of action, but there have been numerous cases in which doing so didn’t yield a decryption key. If that happens, you’ve only added an extra cost to an already-expensive situation.

An expert might be able to help you mitigate the damage, but it is vastly preferable to avoid attacks in the first place. The time to act is now—protect your data and ensure that your company doesn’t end up on the long list of ransomware victims.

Is physical data destruction completely secure?

Cybersecurity is a paramount issue facing businesses in the digital world. The average costs of a successful cybercrime in 2017 were roughly $1.3 million for large enterprises and $117,000 for small- to medium-sized businesses, according to Kaspersky Lab. These figures include the cost of data theft but do not encompass the additional potential price of a damaged reputation and ensuing legal action. Data also indicates that cyberattacks will become only more expensive and damaging in the coming years.

Defending an organization against cybercrime requires a multi-channel approach. Companies should be open to software solutions, employee training and hardware upgrades whenever necessary. However, another avenue for cybercrime is occasionally overlooked. Physical theft of connected mobile devices, laptops and even desktop computers can lead to an open pathway for cyberattacks. In addition, some businesses simply sell their used electronics without first doing a proper data cleanse.

But can information to completely and permanently removed from a hard drive?

Hard drives are traditional data collection units that can be altered in a number of ways. However, the question is "can data be permanently removed."Hard drives are traditional data collection units that can be altered in a number of ways. However, the question is "can data be permanently removed?"

The levels of data destruction
Deleting data is not as secure as some might assume. In actuality, when information on a computer is "deleted," the files themselves are not immediately removed. Instead, the pathing to that information is expunged. The data is also designated as open space, so the computer will eventually overwrite it. However, until this rewrite occurs, it is relatively easy for the information to be restored and accessed by any tech-savvy user.

Fortunately for organizations trying to permanently dissolve their data, deletion is only the first step of the process. Lifewire recommended three additional methods to ensure that information remains lost.

First comes software – using a data destruction program on the hard drive. This method has been met with approval from the National Institute of Standards and Technology as a secure way to permanently remove information from a hard drive, according to DestructData. However, drawbacks include resource consumption, as this can be a time-intensive process. In addition, some overwriting tools can miss hidden data that is locked on the hard drive.

The most secure method to completely remove data is degaussing. Hard disk drives operate through magnetic fields, and degaussers alter those waves. The result is a drive that can never be read again. In fact, the computer will not even register it as a hard drive from that moment on. However, the downside in this process is twofold: One, the drive is useless after degaussing. Two, this method can on only hard disk drives. Solid state drives and flash media do not use magnetism in the same way, so a degausser will be ineffective.

The final option is to physically destroy the data drive. While many people think that this task can be done with patience and a hammer, it is unfortunately not that simple. Hard drives can be rebuilt with the right tools and expertise. According to the Computer World, NASA scientists were able to recover data from the charred wreckage of the Columbia shuttle after its disastrous explosion and crash in 2003.

Computers that are simply thrown out can still possess classified data, which can return to haunt the company. Computers that are simply thrown out can still possess classified data, which can return to haunt the company.

The resiliency of hard drives
In short, it can be difficult to permanently expunge data from a hard drive. This reality is in part why businesses are opting for less internal data centers and more dependency on cloud solutions. According to TechTarget, cloud solutions represent a more secure method of data organization than traditional IT infrastructure.

While data can be safely deleted, the reality is, unless a degausser is used, there is always some chance of information recovery. Cybercriminals are becoming more sophisticated, and given the expensive nature of dealing with data breaches, it is understandable why the cloud is becoming the preferred solution.

How will the GDPR affect your business?

After two years of preparation, the European Union's General Data Protection Regulation is set to go into effect May 25, 2018. Designed to replace the Data Protection Directive of 1995, this legal framework will provide substantial protection for EU citizen's data by imposing heavy fines on any company found to be in violation of the GDPR.

While large companies within the EU have been bracing themselves for impact, many organizations feel unprepared. A report from information security provider Varonis found that 55 percent of businesses worldwide were worried about incurring fines for a GDPR violation. Given that these penalties can be severe – with a maximum fine of €20 million or 4 percent of annual worldwide turnover – organizations may have reason for alarm.

However, arguably the group most at risk are smaller businesses not based in the EU, or companies that don't primarily deal with data. After all, the GDPR is all about regulating data privacy. Yet these organizations may be in the crossfire. Any business that collects data, any amount of it, from an EU citizen or the EU market must fully comply with GDPR standards.

Who needs to comply with the GDPR?
According to the New York University School of Law, any U.S. organization possessing an entity or any kind (person or office) should ascertain if they will be required to follow the new GDPR policy. GDPR standards will apply to all businesses that process any amount of "personal data" from individuals located in, or protected by, the EU.

The definition here of personal data is broad. According to the initiative, personal data is now any information, not just personally identifying information, that relates to a natural person, identified or identifiable. These new standards apply to log-in information, vehicle ID numbers and IP addresses.

"Any operation or set of operations which is performed on personal data or on sets of personal data" will be regulated by the new standard, according to the articles of the GDPR. These broad definitions and regulations have been purposely worded to incorporate not just companies within the EU but global organizations as well. While the GDPR is a Euro-centric law, its implications may create a new global standard of internet data security.

Businesses with remote employees who are citizens of the EU should investigate whether they will be bound to GDPR policy. Businesses with remote employees who are citizens of the EU should investigate whether they will be bound to GDPR policy.

How prepared generally is the U.S.?
Unfortunately, many businesses in the U.S. simply are not sufficiently informed regarding the coming measure. The Varonis report found that U.S. awareness of the GDPR was only at 65 percent, below the overall average of 79 percent. Only 30 percent of U.S. respondents reported being in full compliance with the upcoming laws. Over 10 percent of organizations still didn't know whether the bill would affect them.

When looking at overall measure compliance completion, the majority of U.S. companies affected by the GDPR have re-evaluated data breach detection procedures, as the GDPR mandates that any EU citizen affected by a breach must be notified within 72 hours of its detection. A little less than 60 percent of U.S. organizations have also conducted a comprehensive assessment of personal data stored within their organization.

This procedure is highly recommended for all companies that may even remotely store some sort of personal data from the EU. It is only after such an assessment has been performed that an organization can be sure whether or not it will be affected by the GDPR.

About 7 percent of U.S. businesses had completed no significant measures to comply with the GDPR.

"About 7 percent of U.S. businesses had completed no significant measures to comply with the GDPR."

What does the GDPR mean for data collection?
Personal data collection will become more transparent under GDPR guidelines. Everyone, personally and professionally, is familiar with user agreements, popular on social media sites like Facebook and Google. These documents have been full of dense legalese designed to disguise their intentions and limit consumer knowledge of the websites' activities.

Under the GDPR, these wordy documents will be made illegal, replaced by concise, comprehensible wording that will alert the "data subject" of exactly what information is being taken. The individual will reserve the right to leave said data contract anytime with no negative repercussions allowed. In short, the naive early days are over and the GDPR will arm at least EU consumers will the tools needed to determine what, if any, information they allow to be shared for commercial purposes.

Data protection by design will also be mandated. Companies will have to factor in information security at every stage of data collection software collection, instead of regulating it to outside software or hardware.

How the GDPR will impact overall data collection remains to be seen. However, what is clear now is that many organizations still have work to do before May 25. With such steep penalties for failure to comply, businesses cannot afford to be asleep on this issue, or even to drag their feet. The fundamental nature of information security could well change from this act. Hopefully, it will be for a better, more secure data privacy marketplace.