There is no shortage of GDPR information on many different websites, yet when it comes to what you "should" do, little is freely available: you either need to attend a meeting or sit through a webinar. We've done two things.
Firstly, here is a guide we created last year which highlights the different ways a GDPR breach could take place and some of the technical questions you can ask your IT team. You don't have to sign up for it; just click the link to download:
What if you are a solo business professional?
Three quick wins which will help make you more secure.
- Encrypt your devices
Assuming you are using an Apple Mac, in the settings there is a feature called FileVault which you can switch on. Once it is on, unless someone knows your password (or you leave the system unlocked) they cannot access your data.
On a Windows system, you need to find out whether you are running Windows 10 Home. If you are, you need to upgrade to Windows 10 Pro to take advantage of a feature called BitLocker, which encrypts the disk of your desktop or laptop.
When buying machines for your business, look at the business stores: the models are generally built better and Windows 10 Pro comes free.
Most newer mobile phones come with encryption as standard.
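Before upgrading or enabling anything, it helps to know where a Windows machine actually stands. The script below is an added example, not part of the original guide, that reports the Windows edition and, on editions that support BitLocker, whether the system drive is protected; it assumes Windows 10 and a PowerShell window run as administrator.

```powershell
# Added example: check Windows edition and BitLocker status of the system drive.
# Assumes Windows 10 and an elevated (administrator) PowerShell session,
# which Get-BitLockerVolume requires.

$os = Get-CimInstance -ClassName Win32_OperatingSystem
Write-Output "Edition: $($os.Caption)"

if ($os.Caption -match 'Home') {
    # Home editions do not ship the BitLocker feature at all.
    Write-Output "BitLocker is not available on Windows 10 Home; upgrade to Pro to use it."
}
else {
    $sys = Get-BitLockerVolume -MountPoint $env:SystemDrive
    Write-Output "Drive $($env:SystemDrive) protection: $($sys.ProtectionStatus)"
    Write-Output "Encryption progress: $($sys.EncryptionPercentage)%"

    if ($sys.ProtectionStatus -ne 'On') {
        # Turning BitLocker on generates a recovery password; store it somewhere
        # other than the machine being encrypted (it is your only way back in if
        # you forget the login password or the hardware changes).
        Write-Output "Not protected. To enable, run:"
        Write-Output "  Enable-BitLocker -MountPoint $env:SystemDrive -RecoveryPasswordProtector"
    }
}
```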
- Decide where you are storing data
Dropbox, Office 365, iCloud, Zoho, Capsule, Google Docs, Salesforce, USB sticks, e-mail, QuickBooks, Xero and Sage.
You may have seen these names before but do you know where and how they store your data?
Many companies claim to be "GDPR compliant", but the key question to ask is "How?": what are they actually doing to ensure compliance? Under GDPR any individual can question a business and ask what personal data is being held about them, how it is being used, and what safeguards are in place.
The next question is one of geography: where in the world does your data live? Many cloud tools store their data in America, as it is far cheaper to store data there than anywhere in Europe. Does this clash with your business procedures?
Make an intentional choice about the cloud providers you choose.
- Be suspicious
Last month a client of ours received the following email:
From: Terry Richardson [email protected]
Date: 21 February 2018 at 11:01
Subject: Permision to publish some pictures of your property
First of all I want to thank you for a wonderful time we had at your property this summer, I was invited by a group of friends to stay a couple of days with them at your beautiful home. I am a professional photographer working for a lifestyle magazine called Houses and I took the permission to take a couple of pictures. I would kindly like to ask for your permission to publish them in our magazine and I have attached them in the following Dropbox folder for you to view them. Also it would be much appreciate if you can forward your mobile phone number so I would publish it also in the magazine.
website link to dropbox site
Upon clicking the link in the email, our client was taken to a page asking them to choose their email provider and enter their login details, in other words a page built to harvest their credentials. Companies large and small often fall victim to fake emails and fake phone calls which deceive you into handing over key details.
Be suspicious, even if the email is from a client you know well. Always be wary that something might be amiss.
Don't panic, but do take this seriously.
At the time of writing there are just 65 days left until GDPR goes live (May 25th, 2018). It will affect every type of business, and it is not something you can ignore and hope passes by.
If you have not heard of GDPR or what it means, start with this guide by the ICO: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/