Most of us will remember the panic surrounding the millennium bug and all of us will remember the hysteria in the run up to the introduction of GDPR in May 2018. Admittedly, the world didn’t end in either case. However, both events had a huge impact on some businesses – pushing them to their wits end.
To illustrate the point, GDPR has cost firms a cool €56 million since its introduction in May 2018 with some insiders suggesting regulators are just getting warmed up. But what is it really about?
Before GDPR, data protection was a fragmented landscape offering little protection for people’s personal data in an increasingly digitised world.
Enter GDPR! Along with Cyber Essentials and other standards, it essentially forms a framework for you to use within your business to not only protect your client’s data, but also protect your business’ data.
Despite the publicity (and panic) surrounding GDPR, many reports suggest that some SMEs still misunderstand the new regulations and are therefore not fully compliant one year down the line. This leaves them extremely vulnerable to data breaches and a loss of consumer confidence.
Although compliance doesn’t guarantee that there won’t be a data breach, it does mean companies are better equipped to respond and react in a worst-case scenario and more importantly, protect their customers – hoorah! As the old saying goes, it’s not necessarily about what happens, it’s about how you react that matters.
One way regulators are forcing businesses to adapt is the annual data protection fee. As part of GDPR and under data protection law, every organisation or sole trader who processes personal information must pay a data protection fee to the ICO, unless they are exempt. But some sectors have taken a big hit, with thousands of companies failing to pay their annual data protection fee, incurring an even bigger fine.
So, what’s the BIG POINT that so many businesses are missing?
Some businesses continue to use ineffective methods of data storage such as memory sticks or outdated spreadsheets full of personal data – naughty, naughty. The information then dominos from one person to the next and responsibility becomes hazy. This haphazard approach to the protection and storage of personal data is what GDPR is effectively targeting.
And trust us, we get it, data protection can be time consuming and detract from the running of your business. But if we want the big boys to play correctly and protect our data and our privacy, the same rules must apply for any business.
After looking at many client websites, we’ve spotted recurring issues that naturally drive us crazy, but are easy to fix to protect your business:
-Ancient data, gathering dust: If you don’t know what it is, what it’s for or who it belongs to then please clean it up! It’s good practice to then implement a regular process for cleansing and cleaning data to make sure you’re on top of it – think of it as like cleaning your house!
-Put a pin in it: Common in the education sector, some staff still don’t have a pin to unlock their mobile phone with. If this phone fell into the wrong hands, it would be catastrophic for pupil safeguarding. Please put a pin on it – now!
-Leavers that haven’t left: Some businesses say goodbye to staff but don’t secure the company data they had access to when they’re gone. Make sure when someone leaves, they can’t log into anything or access personal data they used to access.
So, what can you do?
There’s plenty of effective solutions that you can easily implement to ensure data is being stored correctly. Document management systems or online services such as SharePoint Online offer intelligent ways of managing and integrating data and deciding if the data is current and up to date.
Sourcing a trustworthy and reputable data protection expert can help you mitigate any risks that GDPR poses, identify vulnerabilities and implement the necessary solutions – ensuring your systems are fully compliant.
Here at Infuse, we can do just that. We don’t have ancient data gathering dust, phones without pins or leavers that haven’t left! We take the time to evaluate your existing tech environment and put together a strategic plan to alleviate any potential risks and assure GDPR compliance for your business.
Get in touch with one of our advisors today by emailing [email protected] and let’s talk about data security!