DIY data breach protection – a business owner’s GDPR toolkit

When we have conversations with business owners about data protection there are key phrases that we look out for, little indicators that tell us those people most probably aren’t ready for the new regulations – for example: ‘I have a department that deals with all that legal stuff, they will sort it out.’

We really do appreciate a lot of business owners don’t have the time to get heavily involved in certain aspects of their business and they hire good people to deal with specific ‘stuff’.

However, a business owner is the person or persons who are liable if there is a data breach within the organisation; no one else can be blamed.

Now, more than ever, it is really important for a business owner to know what data is being collected and stored within their company. Not the basics, the full story.

If you own a business, the safest way to make sure you are GDPR compliant is to start with some DIY.

Do-it-yourself… be aware of the regulations and make sure your staff know what their role is when it comes to compliance.

I know we keep reiterating this point, but the number of companies that really don’t have any comprehension of the data law changes ahead is overwhelming.

Trying to get the message across has its challenges: informative GDPR emails sit unopened in inboxes or get deleted. So, it is our responsibility to keep sending out the message, hoping it will get seen by as many people as possible. That’s why we write these articles: to share our expertise and educate business owners and employees.

We know that after the GDPR comes into force on the 25th May the ball will keep rolling. It will be an on-going learning curve for many people and their businesses. It is something that needs to be maintained; there isn’t a simple quick fix.

Our job is to make data protection easy to understand based on real world situations and to give you the most up-to-date information on a regular basis. Enrolling in one of our training courses will give you peace of mind, knowing you are getting the most up-to-date information from our experts.

The Information Commissioner’s Office (ICO) has a data protection self-assessment procedure on their website. This is a great tool for your DIY data breach protection. The self-assessment toolkit has been created with small organisations in mind, from the private, public and third sectors. Take a look and we can expand on these areas if you wish to know more.

This is to help a data controller assess their level of compliance with data protection regulation. It includes information about designating a Data Protection Officer, data breaches, consent, new rights of individuals and handling subject access requests.

To help data processors understand and assess compliance with the data protection legislation. Including new requirements for data processors, data breaches, the rights of individuals and designating a Data Protection Officer.

This is designed to help assess an organisation’s data sharing policies and agreements. Compliance monitoring, maintaining sharing records, registration and the process for how to deal with a subject access request.

Information about an organisation’s records management policy and the risks to people’s personal information. Including record creation, storage and disposal, access, tracking and off-site storage.

This is to assess compliance with data protection in the specific areas of information and cyber security policy and risk. Working remotely with removable media, access controls and malware protection.

This includes information about assessing a business or organisation in the area of direct marketing in line with the Privacy and Electronic Communications Regulation (PECR). This covers consent and bought-in marketing lists, telephone, email, text and postal marketing.

This is a checklist to help the compliance of a CCTV system including installation, management, operation, public awareness and signage.

Another essential part of your GDPR do-it-yourself toolkit is to always have an answer for your customer about everything to do with their data…

When a customer asks you questions about the data you are storing on them, you need to have an answer. It’s as simple as that.

They may request:

A customer has the right to get a copy of the information that is held on them. It is known as a ‘subject access request’.

A customer may want to raise a concern or claim compensation.

Thankfully, more and more business owners are enrolling in our courses. They feel more confident moving forward that they will be prepared and have all the information they would need if there was a data breach within their company.

The key thing is to know your data!

Adrian McGarry

 
