GDPR is Coming – Security
I think it’s safe to say we’ve all become a little lackadaisical about data protection and, more importantly, the security of the data. What do I mean by this?
How many times have you emailed a spreadsheet or some other file containing names and addresses, or printed some portion of it out to work from or to send to someone else in the organisation?
Most of us have done something along these lines at some point or another, and of course 99.9% of the time there’s no problem – BUT what happens the 0.1% of the time when there is?
Digital Data the Danger
The ability to send information easily, whether sensitive or not, across short or long distances with the click of a button has hidden the issues of protecting that data. Computer hacking, email hacking and the stealing of data by downloading are all real issues in today’s society, and “The money is in the list” is a well-known and widely used saying, so we need to be concerned about the potential theft of personal data by less than scrupulous people.
What would you do if a Government agency came along and said “I want 4% of your turnover”? That’s what the fine will be if you are found to have violated the new GDPR ruling, which will be enforced from May 2018 onwards.
Boot on the Other Foot
Before complaining about the changes you’ll have to make in your business, consider your own situation and how many companies have personal data about you!
Most of us expect companies to look after our personal data and protect it from abuse and theft. We should all consider how we’d feel if we knew a company that held our data treated it with minimal care, and what we’d do about it. Most of us would, at a minimum, ask to be removed from their database.
Look at who has access to any personal data and at any points where risk exists. Other questions, such as how passwords are controlled and whether they are changed regularly, should not only be asked but acted on.
Passing Personal Data to Other Internal or External People
Sending an email or copying data onto a ‘memory stick’ is so simple to do, but that also makes the data simple to lose. Make sure that any company you allow access to your data has proper systems in place, and that you protect your data and can show how this is being done at each step.
What if You Handle Data from Other Companies or Organisations
Anyone who processes data of a personal nature will now be responsible for its handling and use, so if you handle a customer’s data in any way you are as responsible for its use as they are. That means if they have collected data illegally and it comes to light, you will be as responsible as they are!
Saying “I was using their data in good faith” won’t cut it, so you’ll need to make sure you have systems in place.
If you’ve not already done so, allocate someone to be responsible for GDPR, be prepared to give them the training required, and make sure that training includes the security of any data. A good place to start is the Information Commissioner’s Office, which has regular updates and information.
If you collect or use B2C data, preparing for May 2018 is imperative. Be under no illusion about the work required to get people opted in by May 2018, especially if you have a large database. Email lists contain many people who are either not engaged or only poorly engaged, so getting them to opt in is a considerable challenge and could involve a telesales company having to call large numbers of the people in your database.
Just remember we are all consumers and as such we want to know companies handle our personal data with respect.
Printed Matter – it’s important that you use a company that understands GDPR and cares about your data as much as you do.