The General Data Protection Regulation & The Duty to use Encryption

The General Data Protection Regulation, abbreviated to GDPR, raised a storm when it arrived. In reality, it merely tightened up on existing good practice according to digital security specialists Gemalto. The right to withhold consent and to be forgotten has always been there, for example. However, the GDPR brings a free enforcement service for consumers, thus avoiding the need for third party, paid assistance.

The GDPR Bottom Lines for Data Security
Moreover, the GDPR has penalties it can apply, of the order that might have a judge choking on his wig. Under it, data security measures such as pseudonymisation (substitution of identifying fields) and encryption (encoding including password protection) have become mandatory. Businesses must further respect their client data by:

a) Storing it in a secure environment supported by robust services and systems

b) Having proven measures to restore availability and access after a breach

c) Being able to prove frequent effectiveness testing of these measures.

The General Data Protection Regulation places an onus on businesses to report any data breaches. This places us in a difficult situation. We must either face at least a wrist slap upon reporting failures. Alternatively, pay a fine of up to ?10 million, or 2% of total worldwide annual turnover.

The Engineered Weak Link in the System
Our greatest threat of breach is probably when the data leaves our secure environment, and travels across cyberspace to an employee, stakeholder, collaborator, or the client themselves. Since email became open to attack, businesses and individuals have turned to sharing platforms like Dropbox, Google Drive, Skydrive, and so on. While these do allow an additional layer of password protection, none of these has proved foolproof. The GDPR may still fine us heavily, whether or not we are to blame for the actual breach.

How Hacking is Approaching Being a Science
We may make a mistake we may regret, if we do not take hacking seriously. The 10 worst data hacks Identity Force lists are proof positive that spending lots of money does not guarantee security (any more than having the biggest stock of nuclear weapons). We have to be smart, and start thinking the way that hackers do.

Hacker heaven is finding an Experian or a Dun & Bradstreet that may have shielded 143 million, and 33 million consumer records respectively, behind a single, flimsy cyber-security door. Ignorance is no excuse for them. They should simply have known better. They should have rendered consumer data unreadable at individual record level. The hackers could have found this too demanding to unpick, and have looked elsewhere.

How Data Encryption Can Help Prevent Hackers Succeeding
Encrypting data is dashboard driven, and businesses need not concern themselves about it works. There are, however, a few basic decisions they must take:

a) Purge the database of all information held without explicit permission

b) Challenge the need for the remaining data and purge the nice-to-haves

c) Adopt a policy of encrypting access at business and customer interfaces

d) Register with three freemium encryption services that seem acceptable

e) After experimenting, sign up for a premium service and be prepared to pay

Factors to Consider When Reaching a Decision
Life Hacker?suggests the following criteria although the list is a one-size-fits-all

a) Is the system fast, simple, and easy to operate

b) Can you encrypt hidden volumes within volumes

c) Can you mass-encrypt a batch of files easily

d) Do all other files remain encrypted when you open one

e) Do files automatically re-encrypt when you close them

f) How confident are you with the vendor, on a scale of 1 to 10

It may be wise to encrypt all the files on your system, and not just your customer data. We are always open to a hack by the competition after our strategic planning. If we leave the decision up to IT, then IT, being human may take the easy way out, and encrypt as little as possible.

Contact Us

  • (+353)(0)1-443-3807 – IRL
  • (+44)(0)20-7193-9751 – UK

Check our similar posts

2015 ESOS Guidelines Chapter 3 ? The ESOS Assessment

ESOS operates in tandem with the ISO 50001 (Energy Management) system that encourages continual improvement in the efficient use of energy. Any UK enterprise qualifying for ESOS that has current ISO 50001 certification on the compliance date by an approved body (and that covers the entire UK corporate group) may present this as evidence of having completed its ESOS assessment. It does however still require board-level certification, following which it must notify the Environment Agency accordingly.

The Alternate ESOS Route

In the absence of an ISO 50001 energy management certificate addressing comprehensive energy use, a qualifying UK enterprise must:

  1. Measure Total Energy Consumption in either kWh or energy spend in pounds sterling, and across the entire operation including buildings, industrial processes and transport.
  2. Identify Areas of Significant Energy Consumption that account for at least 90% of the total. The balance falls into a de minimis group that is officially too trivial to merit consideration.
  3. Consider Available Routes to Compliance. These could include ISO 500001 part-certification, display energy certificates, green deal assessments, ESOS compliant energy audits, self-audits and independent assessments
  4. Do an Internal Review to make sure that you have covered every area of significant consumption. This is an important strategic step to avoid the possibility of failing to comply completely.
  5. Appoint an Approved Lead Assessor who may be internal or external to your enterprise, but must have ESOS approval. This person confirms you have met all ESOS requirements (unless you have no de minimis exceptions).
  6. Obtain Internal Certification by one of more board-level directors. They must certify they are satisfied with the veracity of the reports. They must also confirm that the enterprise is compliant with the scheme.
  7. Notify the Environment Agency of Compliance within the deadline using the online notification system at snapsurveys.com as soon as the enterprise believes is fully compliant.
  8. Assemble your ESOS Evidential Pack and back it up in a safe place. Remember, it is your responsibility to provide proof of the above. Unearthing evidence a year later it not something to look forward to.

The ESOS assessment process is largely self-regulatory, although there are checks and balances in place including lead assessor and board-level certifications. As you work through what may seem to be a nuisance remember the primary objectives. These are saving money and reducing carbon emissions. Contact Ecovaro if we can assist in any way.

How FieldElite helps Electricians

The need to hire an electrician arises more often than we expect. It’s quite common to come across problems with structure-wiring, whether at home or in your business premises. It’s, therefore, not surprising to come across a home or a business owner in search of electrical services.

Whether a startup or a fully-fledged business that offers electrical services, there are challenges that come with running the venture. Where you have field service electricians, the challenges are even compounded, more so on matters of assigning tasks, receiving complaints from customers, and receiving field service reports.

As we all know, an electrical business isn’t just limited to the management of field service electricians. You’ll have to manage all the processes, a responsibility that can be quite daunting.

It doesn’t have to be difficult, though. You can take advantage of a field service management software program to make the entire management process effortless.

FieldElite is one such software. With FieldElite, you can assign tasks, communicate, and receive reports from your electricians on the go. Incorporating field service management in your electrical business enables you to run your business operations smoothly. 

Below are some of the benefits of using FieldElite field service management software. 

Increased Efficiency

Improved efficiency is the number one benefit electricians can get from field service management software. With FieldElite, electricians can accept jobs while in the field and add attachments together with client signatures using their smartphones or tablets. From the field management software, they can get information on the optimal route to the site, the tools required for the job, the service history of the customer, and contractual commitments.

Managing and scheduling tasks on FieldElite are just a few clicks away for office-based operators. That means reduced travel times and delays that often cripple workforce management.

Improved Professionalism

FieldElite field management software gives you a professional edge over your competitors. With this field management software, you can store all your business-related information in a central place. Therefore, each of your electricians can access the data from anywhere using their smartphone or tablet installed with the FieldElite mobile application. As such, there?s no breach in communication, and that means the electricians will get the scheduled tasks on time. Building such relationships with your team in the field encourages teamwork and motivates each team member to play their part. Again, since you can monitor what’s going on in the field, you can address the issues raised by your electricians or customers as soon as possible. 

Effective Communication

Timely communication is very essential if you’re working with field technicians. Since you’ll not always be with them in the field, it’s always important to establish a proper communication channel to ensure information reaches them in time. With FieldElite field service management software, electricians receive notifications and details about tasks assigned to them via the FieldElite mobile app.

On the other hand, office-based staff can access the report with the details of the job once the electrician completes the given task. This implies that both the electricians and the office-based operators can get communication instantly, enabling them to see and manage their workloads. Individual electricians can close jobs on-site and proceed to the next task without having to do paperwork reporting. For this reason, electricians can complete multiple tasks within a short time, which improves their overall productivity.

High Accuracy

With FieldElite field service management software, missing data or incomplete information is a thing of the past. Electricians no longer have to deal with paperwork, which can be daunting and time-consuming, yet with a million and one errors. With FieldElite advanced mobile features, all field service processes and operations are automated. The electricians are left with quite little to do, and that minimises data entry errors.

Because the managers get real-time updates from the field techs, they can accurately maintain and track the field processes. With FieldElite mobile features, managers can get information regarding the job status, the actual time of arrival, and the time taken to complete the task. With such updates, the electricians are better placed to do the job well without wasting much time, thus improving their overall productivity. 

Improved Co-ordination With The Team 

Apart from improving the productivity of the electricians, FieldElite improves coordination with the entire management team. For instance, an electrician can be assigned new tasks within the same area where they’re currently assigned instead of sending another to complete a task in that same place. FieldElite makes this possible by always capturing the current location and job status.

Whenever a new request is made in an area, FieldElite first checks the database to confirm if there is an electrician already assigned in that area. If the status of the ongoing assignment is complete or almost complete and the new task request can wait for the remaining time, the electrician in the field would be assigned the new task. By doing so, the business saves on cost and time and minimises movements. 

Improved Customer Satisfaction

As an electrician, you’ll only be satisfied if the service you offer makes the customer happy. Apart from fixing their wiring problems, they?d be happy if you responded quickly to their request. This is only made possible with field service management software. With FieldElite, managers can notify the electricians on the service requests in their respective areas, allowing them to respond to the call within a very short time. Not only does this give you some level of satisfaction as the business owner but it’s also a win for the company. 

Make your field work-flow better with FieldElite, and improve the productivity of your electricians. With FieldElite releasing regular and timely updates, users aren’t left behind whenever there are changes in the field service industry. The updates introduce new features and capture new standards to ensure that you get the best experience with the software at all times.

UK Government Updates ESOS Guidelines

Britain?s Environment Agency has produced an update to the ESOS guidelines previously published by the Department of Energy and Climate Change. Fortunately for businesses much of it has remained the same. Hence it is only necessary to highlight the changes here.

  1. Participants in joint ventures without a clear majority must assess themselves individually against criteria for participation, and run their own ESOS programs if they comply.
  2. If a party supplying energy to assets held in trust qualifies for ESOS then these assets must be included in its program.
  3. Total energy consumption applies only to assets held on both the 31 December 2014 and 5 December 2015 peg points. This is relevant to the construction industry where sites may exchange hands between the two dates. The definition of ?held? includes borrowed, leased, rented and used.
  4. Energy consumption while travelling by plane or ship is only relevant if either (or both) start and end-points are in the UK. Foreign travel may be voluntarily included at company discretion. The guidelines are silent regarding double counting when travelling to fellow EU states.
  5. The choice of sites to sample is at the discretion of the company and lead assessor. The findings of these audits must be applied across the board, and ?robust explanations? provided in the evidence pack for selection of specific sites. This is a departure from traditional emphasis on random.

The Environment Agency has provided the following checklist of what to keep in the evidence pack

  1. Contact details of participating and responsible undertakings
  2. Details of directors or equivalents who reviewed the assessment
  3. Written confirmation of this by these persons
  4. Contact details of lead assessor and the register they appear on
  5. Written confirmation by the assessor they signed the ESOS off
  6. Calculation of total energy consumption
  7. List of identified areas of significant consumption
  8. Details of audits and methodologies used
  9. Details of energy saving opportunities identified
  10. Details of methods used to address these opportunities / certificates
  11. Contracts covering aggregation or release of group members
  12. If less than twelve months of data used why this was so
  13. Justification for using this lesser time frame
  14. Reasons for including unverifiable data in assessments
  15. Methodology used for arriving at estimates applied
  16. If applicable, why the lead assessor overlooked a consumption profile

Check out: Ecovaro ? energy data analytics specialist 

Ready to work with Denizon?

Contact Us Today