My Data Protection Diary: Start the year with the top 5 tips to be compliant with the General Data Protection Regulation (GDPR).
Welcome 2022, a new year, new goals and aspirations, and a new page of the data protection diary... so you don't forget the essentials for your data security portfolio to manage the privacy of your customers’ data!
Not everyone sets aside a portion of their budget at the beginning of each year to implement or overhaul their data protection system... and the most common response we hear is 'I did it last year, it's not necessary'!
It might not be necessary, if once you’ve read this diary entry, you’re confident that you’ve got everything in place across your organisation that I’m about to mention in our Top 5 Tips!
... this is where the first meeting with Kellie of 2022 begins: 'Kellie, today I have no questions about current issues, only your recommendations for companies to start the new year in the best possible way.'
Organisation of ideas and ready for our session!
K.P.: Here are my 5 essential tips for an organisation to comply with the General Data Protection Regulation (GDPR), and to reduce the risk of experiencing a data breach, scams, or large fines.
- Make sure you are registered with the Information Commissioner's Office (ICO). So, whether you are a director of a limited liability company, a partner in a partnership, or a sole trader who runs his or her own small business, you need to check whether you need to pay the ICO's annual registration fee. If you process personal data as part of your core activities, you must register and pay the fee annually, unless you fall into an exempt category.
If you want to get more information about whether or not you should register, please check here: https://ico.org.uk/for-organisations/data-protection-fee/self-assessment/
- Make sure you have well-trained staff and that you've covered their responsibilities for keeping personal data secure in their day-to-day activities. Researchers from Stanford University and a top cybersecurity organisation found that approximately 88% of all data breaches are caused by an employee mistake. Human error is still very much the driving force behind an overwhelming majority of cybersecurity problems. Investing routinely in regular training to make sure your staff are up to date on your expectations of them when handling customers' data is essential. Having your workforce trained on your data protection policies and procedures means that the company is likely to have high standards of processing information.
- Make sure you have a clear procedure for dealing with scams. It is incredibly important to make sure that your staff can identify a phishing email, text message or phone call, and know how to promptly report it. Consider conducting your own fake phishing campaign to identify how many staff are likely to fall prey to a scam. Speak with your IT team about the measures they have put in place to reduce the volume of phishing emails. We even hosted a free webinar on the subject, as we were concerned by the significant rise in scams that our clients were noticing; you can watch the recording here:
- Make sure your actions comply with the principles of the GDPR... a good percentage of organisations fail to comply with the transparency requirement, potentially resulting in complaints from individuals and high fines to pay. Some of the highest fines of 2021 were handed out to those companies who weren’t transparent with their stakeholders or made it too difficult to find out the following:
- how you handle their data;
- why you collect data;
- and where the data are stored.
- Following the pandemic, hybrid working is the new approach adopted by many organisations around the world. Now that you've changed your company's approach to working, you've also updated your policies and processes to reflect your new approach, haven't you? The most common answer we hear is, 'Oops, no, we haven't updated our policies and processes yet'. Well, hurry, you still have time to do it.
G.P.: Thanks, Kellie, for the top 5 tips every organisation should follow to improve GDPR compliance.
Yes, 5 top tips like the 5 stars that you would like to receive from all your customers, right?
The 5 top tips are part of the quality process of your 5 stars... protect your data and your reputation and enjoy a 5-star review every time.
See you at the next session, and if you have any questions on how to achieve a 5-star review for your data protection, please do not hesitate to contact me.
See you soon, Giulia xxx