It has been six months since the big shakeup and implementation of the GDPR.
Have we all done enough to be compliant?
If the GDPR hasn’t been a time-consuming and eye-opening exercise for an organisation, then maybe they’ve missed something.
When it comes to data protection, by now most organisations should be at the…
Little Miss Nelly Know it all stage.
They should know…
- How their data is captured and stored
- How their data is processed
- What to do when something goes wrong
Have you done enough to be GDPR compliant within your organisation?
If you handle personal data, unless you are an expert in data protection or well trained, you will definitely need to read this article.
In fact, even if you are one of the above – it’s worth a read, see below.
No one is exempt from the GDPR, no matter the size or importance of the business. Even the Queen herself can’t just throw her address book in the bin without risking a data breach.
There is so much data protection noise out there. A fog of stressed employers and frustrated employees moaning because they can’t keep their passwords on a post-it note stuck on their computer anymore.
Before we start telling you about our 3 smart tips here are some things for you to think about:
- Is this you? Business owners are putting their trust in their employees and not educating themselves about the GDPR
At the end of the day, the business owner will pay the price if mistakes are made. You only have to look at Facebook and Mark Zuckerberg to see that.
- The net has well and truly been cast – the data protection police have caught some big fish already
- Do you know who you are dealing with?
If the big fish are being fried, to save their business they may point their finger at the little fish so they can survive.
Are you aware of where your data has come from and where your data is going once it leaves your database? The USA? Have you heard of the Privacy Shield?
- Is your business an industry that is office or admin focused? No?
The regulations still apply. Even to the one-man-band plumber, fitness instructor or beekeeper: if you store any kind of personal data, you are liable for a data breach.
- Are the employees at work moaning about how their job role has changed due to new data processes and procedures they have had to implement within the business? Yes?
Great! Awareness is key. Changes should have happened, and if they haven’t, they need to.
Whether you are a business owner who is on track or someone who is starting to panic because all they know about the new data regulations is the fact that they are called the GDPR, read on – there’s something here for everyone…
Here are our 3 smart tips for data protection:
- Know how your data is captured and stored.
Data protection and information governance are about ensuring you know what your data is, where your data is, who has access to it and who has accessed it already.
Build your knowledge…
Here are some valuable quick reads to help you understand more about the capture and storage of data:
- Know how your data is processed manually and by automation.
Technology can help a business with data protection compliance, but spreading data over multiple platforms and using data within different tools increases the risk of a data breach. Storing your data in one place where it’s easily accessible is highly recommended.
Manual data input is a common cause of an automated error, and double input, especially where no data synchronisation exists between systems, is where we see most problems.
Even if your systems import from a text file or spreadsheet, how many people check 100% of the data imported or have methods for checking or validating this data for you?
If you are a business owner, does your business have too many systems managing similar data? Are they all necessary?
How are your employees processing data offline? What data is stored in folders, passed around the office, left on a desk or taken home by an employee? Do you know how they are using that data and why? Don’t forget the phone messages scribbled on a notepad or an important password pinned on a noticeboard.
Here are some valuable quick reads to help you understand more about processing data:
- ‘Most people won’t even see 50 or more of the data exposure risks in this scene, can you?’
- DIY data breach protection – a business owner’s GDPR toolkit
- ‘Who are the data controllers and data processors within an organisation?’
- Know what to do if something goes wrong.
If a data breach is discovered, people need to be informed: the owner of the company, the person whose data has been taken and the Information Commissioner’s Office (ICO). In some cases, the police may need to be informed too.
You do not need to report every breach to the ICO.
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.
To report a data breach to the ICO, go to their website and fill in a form.
Know people’s rights…
This article gives you the official information about what people’s rights are.
There’s help at hand!
Use our GDPR checklist to make sure you are doing everything you can to be compliant with the GDPR.
Better still, contact us today and we can explain it all.
Adrian Mc Garry