The GDPR: how we can help

We’re serious about how technology can transform businesses for the better

GDPR applies to your entire business, not just your IT and website, but there are many ways we can help.

General

  • Data audit
  • System vulnerability audit
  • Disaster recovery/business continuity policy
  • Backup policy
  • Password policy
  • Security policy

Workstations/Laptops/Tablets/Mobiles

  • Secure password/s (including local admin)
  • Encryption (e.g. BitLocker) – including any external drives used
  • Lock-screen timeout
  • Local security policy
  • Locked USB ports/CD Drive/Floppy Drive/Other
  • Support/Maintenance
  • Updates (Windows and other software)
  • Backup
  • Antivirus/Spyware protection
  • Spam filtering (phishing protection)
  • Content filtering/monitoring (OpenDNS/ActivTrak)
  • Login/Logout and file access auditing

Servers/Network

  • Secure password/s (including local admin and recovery)
  • Encryption (e.g. BitLocker) – including any external drives used
  • Lock-screen timeout
  • Local security policy
  • Locked USB ports/CD Drive/Floppy Drive/Other
  • Support/Maintenance
  • Updates (Windows and other software)
  • Backup
  • Antivirus/Spyware protection
  • Spam filtering (phishing protection)
  • Content filtering/monitoring (OpenDNS/ActivTrak)
  • Login/Logout and file access auditing
  • Domain security policy
  • Locked cabinet/room – access policy?
  • Firewall/Router/Wi-Fi (secure config, default password, ports open, remote access, firmware)
  • Penetration testing/Vulnerability scans – one-off or regular

Staff

  • Training
    • Locking computers when unattended
    • Data protection/GDPR
    • Password strength
    • Security
  • Challenge response
  • Permissions (user and group)
  • Reviewing who has access to what

Websites/Online systems

  • Accessed over https (http should forward to https)
  • Updates (website/system and server)
  • Penetration testing/Vulnerability scans – one-off or regular
  • Hosting security/firewalls
  • Virus/exploit/compromise scans
  • Secure password/s (website/system, control panel, FTP, email etc.)
  • Backup
  • Safeguards (physical, technical, administrative, ISO 27001 etc.)
  • Datacenter security/location
  • Move paper-based systems to electronic alternatives
  • Limiting access to systems (including website CMS/backoffice) by IP
  • Adding two-factor authentication
  • Data retention - putting in place automated time-based data purging
  • Development of self-service portals to reduce the admin burden and meet your obligations in terms of users' rights to access, rectify, erase, restrict, export and object to processing of their data.

How can you get more information about Cultrix's GDPR compliance plans?

This page is a living document, so please check back regularly, as the most up-to-date information will be made available here. You may also use a tool such as www.changedetection.com to monitor these pages and receive an alert when we make any changes to them.
