If you’ve been on the internet at all in the last few months, then you probably will have heard about GDPR. But if you don’t understand GDPR there’s no need to worry, you’re not alone. Less than one in ten UK SME leaders understand the new GDPR rules…
With the ever-changing landscape of the online world, GDPR is something that should have been introduced a long time ago. And it’s something that business leaders need to take very seriously. Did you know the AVERAGE data breach in 2017 cost businesses £2.48 million?
If you’re new to GDPR or want to find out a bit more about it, this guide should help clear things up.
What is GDPR?
GDPR stands for General Data Protection Regulation. It is the new UK data protection law which will be introduced on the 25th May 2018, replacing the current Data Protection Law from 1998.
It has six main principles, replacing the eight principles of the current law. These principles mainly focus on ‘accountability’, which means that your business will be held accountable for any data breach. Businesses that fail to meet these new regulations will receive a fine of either 4% of their global turnover or €20 million; whichever of the two figures is larger. Brexit won’t change this either; the UK government confirmed its intention of bringing GDPR into UK law following their withdrawal from the EU…
What does this mean for businesses?
Understandably, this is something that could have huge implications on businesses. With this focus on accountability, it’s your job to do everything you can to prevent any breach of customer data. And in the unfortunate scenario of a data breach, that you deal with it in an appropriate and timely manner.
The new regulations mean that all data breaches need to be reported to the Information Commissioner’s Office (ICO) within 72 hours. Businesses will also need to put a process in place for dealing with data breaches. This includes considering customer privacy with your services and conducting ‘Data Protection Impact Assessments’. You’ll need to appoint a Data Protection Officer as well, and this can’t be yourself.
1. Follow the GDPR regulations
It sounds obvious, but if you want to protect your customer data then make sure your business follows the new GDPR regulations. According to a recent study, 12% of IT decision makers are more concerned about the price of security products than whether they meet the GDPR requirements. This is a very worrying figure, suggesting that a lot of decision makers still don’t understand the potential consequences of a data breach.
2. Use the latest encryption software
Whilst encrypting your customer data doesn’t guarantee security, it can be a major deterrent to hackers. It also means that if your business does fall victim to a data breach, any personal data will be a lot more difficult to access.
In short, encryption software scrambles any text to make it unreadable. It’s been used for a long time by global enterprises, governments, and security companies. But it’s becoming a lot more accessible for smaller corporations. Some would argue that it’s a necessity for any business operating online. Techradar has listed what it says are the five best encryption software tools out there...
3. Limit access to customer information
This may not feel completely necessary, but any unneeded data touchpoints are just additional ways in for hackers. Limiting access to customer information to only the people that need it can help prevent a data breach.
For example, if you use a central CRM system like Salesforce it could be a good idea to restrict access. Does your Marketing Executive really need access to the Sales Dashboard of your CRM? Take an in-depth look at each current data touchpoint and ask yourself, “is it really necessary?”
4. Only collect the data you need
Similarly, any unnecessary data is just additional customer information for hackers to steal. Only collecting the data that you need can be a good way to limit the severity of any data breach. And instead of using personal information to sign in, encourage customers to create a username.
5. Implement a company-wide data protection policy
All it takes is one unaware employee to compromise your whole database. Implementing a company-wide data protection policy which guides employees how to keep personal data secure can be a great way to prevent this.
It can also help to offer regular employee training courses on protecting customer data. New security risks arise constantly, so it’s important to keep your employees up-to-date with any new threats.
As we’ve mentioned, GDPR is certainly something that you need to take seriously. With the risk of a €20 million fine, on top of the cost implications of the data breach, this could put a lot of companies out of business if dealt with incorrectly.
Want to stay up to date with our latest business and productivity tips and news? Why not subscribe to the Carrwood Park business blog?
Looking for high quality serviced offices in Leeds? We’d love to show you around Carrwood Park! Arrange a viewing at our luxury business centre now…
