— Written by Lela Draganic
If you’re a business owner in 2019, one thing is true for you and every other owner: whatever business you’re in, you’re in the business of data privacy and cyber security. Data privacy regulation and security are now general management topics and something every company needs to think about. If you have a website, social media profiles, use email, process payments online or use online banking, use software of any kind- you can’t ignore the obligations that arise out of running a modern company.
The same way you think about locking up your store or office at night, manage your accounting and finances responsibly, the same has to be done with your data. And it’s not just your customer data that you have to think about and protect. You have valuable company data on your devices that includes sensitive documents, information on your employees, all of which can be a liability if it gets stolen or lost.
The GDPR has become the golden and global standard on how to manage information of natural persons, and has forced companies to focus more on data protection. If you’re not sure if your organization is in alignment with GDPR requirements you’re not the only one wondering, since a large number of small and medium-sized businesses just started working on their compliance. Nevertheless, you can start by answering these 10 questions:
- Do you know at which point the data of your customers and leads becomes your responsibility? When do you start processing or storing it?
- Do you know what qualifies as Personally Identifiable Information and are you collecting? Are you collecting data for a legitimate business purpose or are you just recording everything you can in bulk?
- Personal data is being collected and managed at all levels of an organization. Employee data, customer data, general data about the company. Do you know who needs to understand data privacy? Are your employees aware that GDPR exists?
- Are your employees aware of what they need to do with the data they receive or store from customers or clients?
- Do your employees bring their own devices to work and do they store company data on their personal laptops and phones? Is that data safe on their devices?
- In case there’s a breach or you have to shut down your systems, do you have a copy of that data somewhere? Will you be able to retrieve it easily or are you going to shut down your business for a couple of days to deal with the crisis?
- If a customer calls you and asks that you hand over all the data you have on them, will you be able to find that data? Will you be able to export it all in a digital format your customer can easily read?
- Are you storing any data in physical form? Most of your data will be stored online and in digital format but the GDPR also addresses any paper records and files. Those have to be accounted for and protected as well, and if your customer wants their data deleted, you have to destroy any physical copies.
- Do you know who has access to certain company accounts and data collected through those services? For example, if you have a Twitter or Mailchimp account, do you know who has access to them?
- In case a breach does happen, do you know which Supervisory Authority you need to report to? Even if your company is not based in the EU, you may have data on EU citizens or residents, which means you have to disclose the leak to an EU information commissioner, or your own country may have very specific regulation on how to handle data breaches.
Thinking about these questions and answering them will put you on the road to better data privacy and cyber resilience. But this is just the start. To ensure you did the equivalent of financial due diligence you have to think about which tools you’re using, whether your employees are appropriately trained, and if you’re in compliance with different regional, national and international regulation that tries to protect individuals and companies from misuse.
The good news is that you don’t have to go onto this journey on your own. We can help you answer these questions, and much more. You’re already an expert at your own business and have a lot on your mind. Let us take care of your organization’s safety for you.