How many data exposure risks can you see in this picture?

GDPR & Employees

Take a look at the below. Can you see a potential data breach?

IT User and Employee Education1

Hopefully, you can see quite a few, from the paper in the waste bin, the open files on the desk, through to the person on the telephone who may be taking client notes and leaving them exposed.

When I talk to my clients and prospects,  I am still amazed at how many of them don’t know anything about the upcoming daata protection changes with the GDPR – the new data regulations that come into force on the 25th May and I explain to them that it is essential they know about the big changes in data protection.

People are aware of the DPA (Data Protection Act) but the GDPR is bigger and better to help protect a person’s digital existence online. If you don’t comply with the new regulations, the fines will be a lot more. Customers are trusting you with their data, and you need to make sure you look after it properly.

Currently, the maximum fine the ICO can charge is £500,000. When the GDPR comes into force the maximum fine is £17M or up to 4% of global company turnover,

As business owners, we should be aware of potential data breaches. Not just in the working environment but for employees that work remotely.

resize AdobeStock 243415127

Employee Awareness

How many of your employees are aware of the data protection changes ahead? If you were to ask them what would they say?

You should try it. It could prove to be a valuable exercise.

Do they know that they can’t put a piece of paper in the bin that contains the name and address of a person? Do they leave files containing personal information sitting on their desk? Do you write people’s contact details in your diary or share other people’s business cards?

It’s simple things like that…

After the 25th May 2018, those actions could result in a  potential data breach.

The key thing to remember is:

  • Any organisation that records information about ‘people’ needs to know about the GDPR and having that knowledge is a necessity. It is a business owner and leadership’s responsibility to make sure that everyone in their organisation is aware of the new data protection regulations and good data privacy processes

Data Backup Images

What can you do?

Know your data, know where it is and know what to do if there is a data breach.

How can you assure that your organisation is compliant with the new data protection regulations?

You can employ a Data Protection Officer (DPO) and for companies over 250 employees or companies that handle specific information, having a DPO is compulsory.

or

You and your employees can undertake a training program to further your understanding of what you, your organisation and your stakeholders should be doing to prepare to make sure you are compliant with the GDPR.

Seeking professional advice and using a structured training programme can give you total reassurance. You need to make sure you and the leadership understands the following:

  • The GDPR and who it will affect
  • Why the GDPR is important to you
  • Who is ‘responsible’ for complying to the new regulations and ensuring ongoing compliance
  • How long you can keep client information
  • If you have to review the new policy
  • If you need a Data Protection Officer
  • Why you need to record the data you are collecting including for what purpose they intend to use it
  • The recording processes of how you work with data and consideration that you have the right consent from each individual
  • Securing data, auditing data and privileged access to this data will also become mandatory
  • You will need to inform the relevant supervisory authority within 72 hours of your organisation becoming aware of a data breach
  • Discuss GDPR and IT, although data protection is a Business Issue, not an IT issue, IT plays an important part in the process.

Protecting your customer, client, beneficiaries or employee’s information is crucial to all organisations.

Here are some typical examples of how your staff could cause a data breach without realising:

  • Waste paper in the bin with personal details written on it
  • Stolen or lost mobile phones with customer or staff related information on
  • Stolen or lost laptop with customer or staff related information on
  • Documents left on show on desks
  • Stolen or lost USB sticks
  • Unlocked filing cabinets
  • Old data bases (Excel spreadsheets from tradeshows and so on)
  • Hard drives
  • Employees sharing customer data on their computers
  • Diaries thrown away once out of date
  • Bags or brief cases containing laptops or phones being lost or stolen
  • Phone numbers for cold calling
  • Directories
  • Unencrypted USB sticks, external hard drives or mobile devices
  • Cloud data stored in insecure applications or cloud services
  • Poor password control
  • Poor passwords
  • And this one may seem obvious, but we see this so often; usernames and passwords stuck on the front of the screen, in your diary, notebook or even stuck to your notice board in your office

what is an MSP1

 

Next time you are in an airport, in a café, on the train or in other public places – look out for some data breach hazards. Has someone left their laptop unattended, have they dropped a USB stick or left their mobile phone on the seat?

It is vital for me as a business owner to be completely up to date with all the GDPR developments. As experts in our industry, we are very aware, and have seen real life examples, of the catastrophic effect of a cyber crime or a data breach.

We can help you reduce the risk. Let me know if we can help, always happy to have a chat even just to advise.

Read more about the ICO and the GDPR  

Past Blogs

benefits of cybersecurity

Benefits of CyberSecurity

The benefits of cybersecurity. With vast amounts of information are stored online, the benefits of robust cybersecurity are more vital than ever. At Network &...
what is dmarc

What is DMARC

What is DMARC and Why Does Your Business Need It? When it comes to protecting your business from cyber threats, email security is often overlooked. Yet, email is one of...
Why is password management software important

Why is Password Management Software Important

Why is Password Management Software Important for Your Business? In today’s digital world, passwords are the keys to your business’s most sensitive information. From...
What is Email Filtering ?

What is Email Filtering and Why Every Business Needs It

Email is the lifeblood of business communication, but it’s also one of the most vulnerable entry points for cyberattacks. According to research, 96% of cyber threats...
What’s your business’s view on Return to Office?

What’s your business’s view on Return to Office?

Do you love keeping your employees happy by allowing them to work remotely? Or do you think everyone is more productive in the office? Businesses are divided on this...
Outdated backup systems could leave your business vulnerable

Outdated backup systems could leave your business vulnerable

When did you last review your business’s backup tools? Outdated backup systems can fail to protect you from modern threats, like ransomware attacks. If you want a...
Microsoft’s fixing this annoying Windows 11 fault

Microsoft’s fixing this annoying Windows 11 fault

Fed up seeing useless “Recommendations” in the Windows 11 Start menu? Good news – Microsoft’s making them more helpful. Here’s how the improvements could help your team...
Beware that corrupted email attachment: It could be a scam

Beware that corrupted email attachment: It could be a scam

Cyber criminals get more creative every day. The latest scam designed to steal your business data uses corrupted Word files – and getting fooled is easier than you...
Are your employees your security’s weakest link?

Are your employees your security’s weakest link?

Great employees have the same goals you do. But while they’re working hard to help your business succeed, they could accidentally be opening the door to cyber...
The two big threats of doing business on public Wi-Fi

The two big threats of doing business on public Wi-Fi

Public Wi-Fi can be a lifesaver when you must send an urgent email while out of the office. But did you know it can also put your business data at risk? These are the...