Santa has a very important responsibility with his Christmas Lists, as they contain a lot of personal data!  This means they come under GDPR because of the personal identifiers held on the list.  So, what advice would we give Santa if he came to MJD for IT support on keeping his Christmas Lists safe and secure, let’s jump in:

  • Ensure that he has them stored electronically in a location that is backed up regularly.
  • Ensure that only the elves who need access to the lists have access to the lists and review permissions every year.
  • Only store the data he needs to on the individuals on his Christmas List and clearly state why he is keeping the data.
  • Ensure that the lists are held securely and adequate protection measures put in place.

So, for Santa to do this we’d recommend the following:

  • Layered security software to protect all devices on his network (antivirus alone is no longer sufficient).
  • A robust back up system, such as a Datto.
  • Have permission levels and security groups setup for users on the network.
  • Review the data each year and check that he still needs to keep the data and if so for how long (For Example – scrooge should be removed from the list).
  • Review his processes for data requests, right to erasure requests and correcting data held (For Example – if the grinch wants his data removed then he can ask and it will be done.)

We here at MJD are always happy to help Santa with his IT support requests to ensure he can concentrate on his core business activities of delivering presents to all the lucky girls and boys.  If you would also like some advice on GDPR and cyber security please don’t hesitate to get in touch with the team here at MJD.