GDPR - it's never too late to start

January 25, 2020

'How do you eat an elephant?' One bite at a time

Current estimates suggest one in four companies in Ireland are yet to implement GDPR. In smaller companies with fewer than 10 employees that number is certainly higher. With an increase in security breaches and ransomware attacks, customers and website visitors are now much more aware of GDPR and, with it, their rights to data privacy. Don't get caught out.

If GDPR is still on your list of 'to dos', fear not: we've got you, and it's never too late to start. Take it 'one bite at a time'.

Start with where you're visible and where you're vulnerable.

Visible: Your Website

Most websites will collect information, also known as personal data. If you have an email sign-up form to capture leads, a live chat function or even a simple contact form, make sure to do it right. At the point of capture, let them know why you need the info and what you'll do with it. If it's linked to Mailchimp or Survey Monkey or Jotform for example, follow the links here to make sure it's done the 'GDPR way'. Two simple rules are:

  • Link it to your Privacy Policy which sets out the who, what, where, why and how the data is managed
  • Get active permission or consent; they need to tick the box to say yes
  • Publish a Privacy Policy on your website. If someone visits your website and doesn't see a Privacy Policy, that's a red flag that you've absolutely no GDPR in place. You may have great systems and security in place but you need to document it.

Vulnerable: Poor Security

A security breach is your worst nightmare. Personal data breaches include incidents that are the result of both accidents (such as sending an email to the wrong recipient) as well as deliberate acts (such as phishing attacks to gain access to customer data).
This includes situations such as where someone accesses personal data or passes them on without proper authorisation, for example an employee taking your list of clients when they leave. Or where personal data are rendered unavailable through encryption by ransomware, or accidental loss or destruction.

  • Are all your passwords on an Excel spreadsheet?
  • Do you use the same password on multiple accounts?
  • Are you sending invoices as unencrypted PDFs?
  • Do you back up all your data?
  • What data do you store that if released on the internet would have serious consequences for your customers?
  • Have your staff had any security awareness training?

When you break it down, all you can do is tackle it one job at a time. Visible and Vulnerable is a good way to triage your list. We help you break it down into tasks you can do yourself and tasks you can hand over to a professional. Take that first step... get in touch today.

Wisdom consists not so much in knowing what to do in the ultimate as in knowing what to do next —Herbert Hoover

Data Influence blogs and stories are provided for information only, not legal advice. Always consult your lawyer on legal matters.

