It has been nearly a year since the GDPR came into force. Remember its arrival? That mix of emotions, concerns and anxiety, and then finally relief when the world didn’t change overnight?
Well, the rules are now in place, the first companies have been fined, and it is still essential (and a legal requirement) that you comply with the regulations.
So, how far did you get?
Perhaps, like many others you:
- Started gearing up for GDPR
- Conducted some internal research – perhaps even a full audit
- Put a few things in place in the company
- Cleaned-up customer and supplier data
- Sent out an opt-in email and then…
Forgot all about GDPR?
The good news is, you’re not alone. But there is probably still some work for you to do. The Information Commissioner’s Office (ICO) has a job to do: it has already fined Heathrow Airport £120,000 after a USB stick containing sensitive personal data was lost, and fined Bupa £175,000 for failing to have effective security measures in place to protect customers’ personal information. (Both penalties were issued under the pre-GDPR Data Protection Act 1998, because the incidents happened before May 2018; the maximum penalty under the GDPR is far higher.)
And of course there are some competitive benefits of embracing GDPR:
- It demonstrates to your customers that you care and can be trusted
- It provides an opportunity to streamline workflows and ease the process of taking on new clients, by obtaining only the information you actually need.
- It protects your hard-earned business reputation.
So, if you are ready to complete the job you started a year ago but gave up on once you got fed up with email opt-ins yourself, here are Timewade’s Five Simple Steps to Compliance, each of which you can do fairly swiftly:
- Train employees. Provide your team with engaging in-person training on how to handle personal data, and provide refresher training every 12 months. Timewade offers onsite training to all its clients every 12 months.
- Know where your data is and audit who can access it. Do employees have access to more than they need to do their job? Protect them, your customers and your business by granting access only to the files each role requires, and review those permissions regularly.
- Encrypt laptops to protect them from unauthorised access. Data can be read from an unencrypted hard drive very easily if the device is lost or stolen, simply by removing the drive or booting from another disk; full-disk encryption (such as BitLocker on Windows or FileVault on macOS) makes the data unreadable without the key.
- Consider email encryption. “Sending an unencrypted email is as private as sending a postcard”: either don’t send personal information by email, or encrypt it for protection and peace of mind.
- Implement two-factor authentication (2FA). 2FA protects against unauthorised access to data by requiring a second proof of identity (such as a code from an authenticator app or a hardware token) in addition to the password, so a password that has been phished, guessed or reused elsewhere is not enough on its own.
If you need help with going GDPR compliant, if you need a trusted tech partner to help drive this forward in your organisation, then talk to Timewade.
Don’t assume you’ll never be caught – do something about it. Your customers are depending on you.
About the author: Jordan Westcott – Senior Technical Consultant, Timewade