11/11/19

Staying on Windows 7 could be a GDPR breach

A number of businesses along with other groups and organisations have fallen foul of the GDPR laws which came into effect last year – but did you know that operating on obsolete PCs or servers could constitute a breach of data regulations?

The Independent Commissioner’s Office (ICO), the UK’s independent authority which upholds data information rights, has been busy over the past year or so policing data protection and taking action against those who have breached GDPR.

Prosecutions so far…

This action has come in the form of prosecutions, enforcement notices and monetary penalties, which in some cases have resulted in hundreds of thousands of pounds in fines. Those at fault are from a broad range of sectors including marketing, finance, health, online technology and telecommunications, land or property services, general business and even criminal justice.

There really is no hiding place when it comes to GDPR and all perceived breaches of the law are being investigated and pursued vigorously.

So how does Windows 7 fit into this equation?

This applies not just to Windows 7 but to any of the systems which reach their ‘end of life’ and become obsolete on January 14th, 2020. Regular readers of our blogs will know we have been warning about this for some time and urging people still operating on Windows 7, Windows Server 2008/R2 and Exchange Server to upgrade, because their systems will no longer be supported by Microsoft and will therefore be more susceptible to attack and data breach.

The ongoing ICO activity highlights the need for vigilance and shows that GDPR breaches will not be tolerated. There are some interesting examples of organisations that have broken the law, both with marketing campaigns and by exposing personal data.

Data will be left exposed

It is our opinion at PC Net that running a PC or server with an operating system which is no longer secure would constitute leaving data exposed.

It’s another thing to think about in keeping your systems safe from attack and complying with GDPR laws. Security is paramount in operating day-to-day business, and the penalties for not complying with GDPR mean the safeguarding of data has never been more important than it is now.

Risk of enforcement action

The ICO has shown time and again that it is not afraid to go after those who flout the law, but there is more to it than that. Even without the risk of enforcement action and financial penalty, can you really afford to operate a system which is going to face increased danger from cyber attack?

For more information about how we can help, telephone us on 01743 290588 or 01952 684030 or email katy@pcnetsolutions.co.uk