Let’s throw it back to the week of May 21st, where we related to this pug on a deep level. It was full of late evenings at the office, manic emails from the boss and worried calls to your trusty IT provider (don’t worry we didn’t mind)!
This was the time of GDPR.
But how about now, have we forgotten all about it?
You probably took the necessary precautions at the time and are a bit more wary when you stumble across a list of data and can’t remember why you have it. But yes, we can all agree that it doesn’t cross our minds as often as it did a few months ago (which is probably a good thing – balance is key). However, you should most definitely still be thinking about it.
Well, let me tell you…
You may not have been affected by the regulation yet, but many have. Have a look through the recent action that the ICO has taken at http://ico.org.uk/action-weve-taken/enforcement/. After having a look through, you might be more tempted to have a check-up on your security. Companies have been fined thousands and thousands of pounds for many different reasons since May 25th, including selling data, nuisance calls, mass emails, spam texts, failing to register with the ICO etc…
A couple of examples that we found interesting:
– 07 June 2018: The British & Foreign Bible Society in Swindon, Wiltshire was fined £100,000 after their computer network was compromised as the result of a cyber-attack.
– 18 June 2018: Ainsworth Lord Estates in Darwen, Lancashire were served with an enforcement notice for failing to respond to a subject access request.
These two examples show how easily you can slip up. If you’ve stolen someone’s data or are emailing thousands of people that have opted out of marketing emails – you’d expect some backlash. Yet forgetting to respond to a request for someone’s information or just not getting around to making sure your security is the best it can be – is easily done.
What can you do?
It’s wise to have a regular check-up on your security and to make sure you’re doing all you can to stay GDPR compliant.
• Do you know where all your data is?
Someone could send a subject access request (a copy of all the info you have about them). You’ll need to make sure you know where all your data is to fulfil this request. Organise your folders, spreadsheets, filing cabinets – anything that holds personal data so that you’re ready. Remove any old information that you no longer need to keep which will make things a lot easier for yourself. Don’t be in the same situation as Ainsworth Lord Estates.
You should always be taking a backup off-site. If you use a cloud backup solution, check with your provider that it’s encrypted. If you use USB drives/tapes or memory sticks – these should also be encrypted. Contact us to discuss encrypting your devices.
• Cyber Security
Don’t be an easy target for cyber-attacks, as not only could your network be compromised – you could be fined a lot of money. The British & Foreign Bible Society had to learn this the hard way for failing to amp up their security. You need effective, working anti-virus software (not just the free one that came with the computers). Speak to us about the new generation of anti-virus.
Do you use a website like MailChimp for your email marketing? Hopefully, you got consent from all your subscribers to send them emails. If you are to add any new subscribers onto your mailing list manually – make sure you have clear, verifiable consent (like an email requesting to be added). Also, have a look through your Sage – do you hold emergency contact details for your staff? You need consent to hold this kind of information!
• Your team
A good way of making your staff GDPR compliant is to make them aware of what you expect from them. They need to know where they can save their files, what they can access and the computer use rules of the business. There is an excellent piece of software called Panda Systems Management which monitors your devices to make sure all software is authorised, up to date and in line with GDPR. Contact us to discuss this option.
This is just a handful of things you need to continually check and keep an eye on to stay GDPR compliant. Unfortunately, it’s not going away, so you and your staff need to be working on staying secure every day. You do not want to risk being the next name on the ICO’s website of bad examples. If you have to splash out on getting decent anti-virus software or encrypting devices – it will be worth it when you see the amounts that businesses have been fined.
Thankfully we’re here to help and honestly advise you on what’s best for your business. Give us a bell on 01228 590900 or email us on firstname.lastname@example.org.