In the wake of the UK’s Brexit vote this year, it remains to be seen how the EU General Data Protection Regulation (GDPR), slated to come into effect in 2018, will affect British businesses in the long run. Businesses have until 25 May 2018 to prepare for GDPR, which sets out uniform rules for data protection rights across the EU and will have direct effect in all member states from that date.
Any company – no matter whether it is inside or outside the EU – that deals with data of European citizens will have to abide by the GDPR. We are clearly living in an age when data protection is becoming increasingly regulated, so here are a few tips that will help your business tighten up its policies on customer data.
1. Don’t forget your updates
Some companies, including SMEs, fall into the habit of running their software updates during quieter periods when they expect less disruption to day-to-day business. However, delaying these required patches lengthens the window in which a known flaw can be exploited to compromise your customer data. Attackers are always on the lookout for new ways to exploit gaps in security, so be prepared to sacrifice some time and, where necessary, invest in new ways to secure your network.
2. Keep an eye on sensitive personal data
Sensitive personal data – such as political or religious beliefs or information about health or sexual orientation – is the customer data that you should be especially wary of allowing to fall into the wrong hands. You should know exactly who has access to your customer database and change passwords regularly.
3. Clarify your privacy policy
Ensure you have a comprehensive privacy policy which clearly explains to your customers how their data will be used. Building trust between your organisation and customer base should be a priority, and you will find customers are more likely to voluntarily share their personal information with a company they trust. Don’t risk legal issues and damage to your reputation by failing to explain to your customers how their data is collected and used.
4. Don’t store what you don’t need
Keeping hold of personal customer data which you no longer need is a breach of Principle 5 of the Data Protection Act. Information such as names and addresses might be useful to your marketing objectives, but storing data such as credit card details is often not required and is simply adding to the risk should a security breach occur.
5. Utilise encryption
Encryption technology should be used to provide an extra layer of security. Encryption encodes data so that only someone holding the correct ‘key’ can read it: if a laptop, backup or database is accessed without the key, the data it contains remains unreadable. It therefore acts as a safeguard against unlawful access to data.
6. Assess security across your supply chain
It is also important that the vendors and partners with whom you work are able to demonstrate a sufficient level of security, particularly if they have access to your customer data. Always ask third parties about their security procedures before you provide them with access to your IT systems or customer databases.
7. Form a disaster recovery plan
Are you prepared for the full range of outcomes of a cyber-attack? You should have a plan in place. If not, consider creating one to protect your customer data and ensure the continued smooth running of your organisation.
8. The importance of testing
Your in-house IT support, or a trusted outside agency, must test your system regularly in order to identify potential vulnerabilities that could lead to the exposure of customer information. Cyber security experts or “white hat” hackers can also be brought in to examine the robustness of your security measures.
9. Bake customer data protection into your company culture
The employees in your organisation should be given training on how to handle customer data properly. They must know the correct procedure for reporting any data breach (e.g. if one of their passwords is compromised). Extra security can be added by implementing a two-step login process for employees.
10. Get the right legal advice
Should the worst happen and a security breach occur, the result could be not only damage to your organisation’s reputation but also a financially crippling court case. That is why you need to understand your obligations regarding customer data. A data protection lawyer can help decide on the language you use in your privacy policy and in contracts with business partners.
At Simply-Docs, we have a wide selection of ready-to-use documents that will help you create IT and data protection policies. To talk more about how we can help you build procedures to protect customer data, simply contact our friendly team today.