How many data exposure risks can you see in these pictures?
Take a look at the images. Can you see a potential data breaches?
Hopefully, you can see quite a few, if not you need to contact me so I can point them out and give you some advice.
When I talk to my customers I’m amazed at how many of them don’t know anything about the GDPR – the new data regulations that come into force on the 25th May.
I explain to them that it is essential they know about the big changes in data protection.
It appears that people are aware of the DPA (Data Protection Act) but the GDPR is bigger and better to help protect a person’s digital existence online. If you don’t comply with the new regulations, the fines are a lot steeper!
Currently, the maximum fine the ICO can charge is £500,000. When the GDPR comes into force the maximum fine is £17,000,000!
As business owners, we should be aware of potential data breaches. Not just in the working environment but for employees that work remotely.
How many of your employees are aware of the data protection changes ahead? If you were to ask them what would they say?
You should try it. It would be a very valuable exercise.
Do they know that they can’t put a piece of paper in the bin that contains the name and address of a person? Do they leave files containing personal information sitting on their desk? Do you write people’s contact details in your diary or share other people’s business cards?
It’s simple things like that…
After the 25th May 2018, those actions could be a potential data breach.
The key thing to remember is:
Any organisation that records information about ‘people’ needs to know about the GDPR and having that knowledge is a necessity. It is a business owner and leadership’s responsibility to make sure that everyone in their organisation is aware of the new data protection regulations and good data privacy processes
Know your data, know where it is and know what to do if there is a data breach.
How can you assure that your organisation is compliant with the new data protection regulations?
You can employ a Data Protection Officer (DPO) and for companies over 250 employees or companies that handle specific information, having a DPO is compulsory.
You and your employees can undertake a training program to further your understanding of what you, your organisation and your stakeholders should be doing to prepare to make sure you are compliant with the GDPR.
Seeking professional advice and using a structured training programme can give you total reassurance. You need to make sure you and the leadership understands the following:
The GDPR and who it will affect
Why the GDPR is important to you
Which person is ‘responsible’ for complying to the new regulations
How long you can keep client information
If you have to review the new policy
If you need a Data Protection Officer
Why you need to record the data you are collecting including for what purpose they intend to use it
The recording processes of how you work with data and consideration that you have the right consent from each individual
Securing data, auditing data and privileged access to this data will also become mandatory
You will need to inform the relevant supervisory authority within 72 hours of your organisation becoming aware of a data breach
Discuss GDPR and IT
Protecting your customer, client, beneficiaries or employee’s information is crucial to all organisations.
Here are some very typical examples of how your staff could cause a data breach without realising:
Waste paper in the bin with personal details written on it
Stolen or lost mobile phones with customer or staff related information on
Stolen or lost laptop with customer or staff related information on
Documents left on show on desks
Stolen or lost USB sticks
Unlocked filing cabinets
Old data bases (Excel spreadsheets from tradeshows and so on)
Employees sharing customer data on their computers
Diaries thrown away once out of date
Bags or brief cases containing laptops or phones being lost or stolen
Phone numbers for cold calling
Unencrypted USB sticks, external hard drives or mobile devices
Cloud data stored in insecure applications or cloud services
Poor password control
And this one may seem obvious, but we see this so often; usernames and passwords stuck on the front of the screen, in your diary, notebook or even stuck to your notice board in your office
Next time you are in an airport, in a café, on the train or in other public places - look out for some data breach hazards. Has someone left their laptop unattended, have they dropped a USB stick or left their mobile phone on the seat?
It is vital for me as a business owner to be totally up to date with all the GDPR developments.
For advice about cybersecurity and the GDPR go to: https://www.networkandsecurity.co.uk/