International Data Privacy Day 2019

Monday 28th of January is Data Privacy Day so I thought this might be an opportunity to share some tips on how to protect your business and, of course, your clients.

Last May saw the biggest development of Data Protection Regulation for 20 years as the EU's GDPR came into force. So, now the dust has settled, let’s recap and celebrate all the hard work that went into complying with the regulation.

Assessing your compliance maturity

It goes without saying that by now you have adopted good IT and information security measures to ensure that clients’ and employees’ personal information is protected from malicious and unauthorized access.

This includes instituting compliant policies and processes that prove the level of importance your business places on protecting personal information.

It also means being straightforward with customers about what data you collect and what you do with it, and having a clear Subject Access Request process so that you can meet your commitment to them when they test you.

Ensuring you know what you’re meant to know

Data protection is closely linked to potential reputational damage, so being honest with yourself and your customers will help you build trust by demonstrating that you value clients’ data and are working hard to protect it.

Know all the personal information you have. Where do you store it? How are you using customers’ data and who has access to it? You need to understand what kind of assets you have and why a malicious actor might go after them.

Size doesn’t matter

According to some reports, the vast majority of small business owners (as many as 85 per cent, according to one survey) believe that larger businesses are more targeted than their own business. The reality is that many small businesses have handed over a lot of money to cybercriminals and hackers.

You will be a bigger target if you are sitting on a lot of valuable information, particularly several forms of personal information that can identify customers. Are you sure that your login identification and passwords are robust? Simple things like establishing multiple layers of security help keep the hackers out and control internal access rights.

Employees handle customer data, so they need to be constantly updated on how to protect that information so that it does not accidentally fall into the wrong hands. Education on the latest fraud schemes, and on how to employ best practices such as not responding to unsolicited email messages or opening the attachments or suspicious links they carry, is the best policy.

Ensuring you have the latest security software, web browser and operating system is a good defence against viruses, malware and other online threats, but your own people are ultimately your best defence.

The pain points

Finally, back to GDPR, which hasn’t just gone away. It was reported last week that Google has become the first tech giant to be hit with a record fine for breaching the EU's General Data Protection Regulation (GDPR). This could be the tip of the iceberg though.

According to reports, Google’s €50 million (£44m) fine issued by French regulator CNIL was triggered by complaints relating to how Google handled people's data.

The amount was still way below the maximum fine allowed under the new rules, however. If a massive tech giant like Google can get caught out, though, then it can happen to anyone. My Little Book of GDPR that my colleague Darren Wray wrote last year in preparation for GDPR is, if anything, more relevant than ever. To purchase a copy, just click on this link: https://www.amazon.co.uk/Little-Book-GDPR-Getting-Compliance/dp/1522021140

Or, if you have any questions as to how Fifth Step can help you with data privacy and GDPR issues, contact me directly at wayne.jolly@fifthstep.com

Wayne Jolly