HR · 1 March 2018

The easily over-looked data privacy pitfalls that can cost your reputation

Is your business up to date with data privacy?
According to the government’s Cyber Security Breaches Survey 2017, nearly half of all UK businesses suffered a cyber breach or attack over a 12-month span.

The most common breaches were fraudulent emails: for example, staff could have been sent emails trying to fool them into disclosing passwords or financial information. Viruses, malware and ransomware were also common.

Interestingly, the survey also found that businesses holding electronic personal data on customers were much more likely to suffer cyber breaches: 51 per cent, compared to 37 per cent of those that did not.

Recovering from a cyber attack can be expensive, and as a result it’s only too easy for a business owner to treat this as the real cost of a security breach. Yet it is not the only cost. A cyber attack, particularly one in which personal data is exposed, can have serious implications for a business’ reputation, and in the long run, this can do far more damage.

Reputational damage

We asked some businesses why data protection is so important for a business’ reputation, and here’s what they had to say:

‘Data and its protection has changed so much since the old data protection rules were written,’ said Abby Blackmore, head of operations at Impero.

‘With the growth of the internet and computers in general, we now have more data than ever at our fingertips. Whilst we can’t fathom doing our jobs without this huge cloud of data, it means we are much more open to data breaches.

‘It is important to be on top of your data protection as clients and employees are now much more aware of the importance of their data and its safety and it is a very important responsibility they have trusted us with. I think companies need to show that they have taken that responsibility seriously, fines or no fines!’

Andy Carr of Spoon Customs, a handmade custom bike company, said: ‘We’re tiny, and don’t handle much data yet, but our customers expect the same level and standards as they would from anyone else.

‘We use a lot of outsourcing or web-based services such as Mail Chimp and Squarespace, which means a lot of our sensitive information is held or managed securely by these companies. We review our internal processes as needed.

‘I guess anxiety drives that, rather than immediate business needs just now, but as we get bigger, we’ll need to think about how we scale all aspects of the business in a way that’s safe and manages risk for us and our customers.’

‘The threat of losing customer trust, loyalty and confidence is potentially far more damaging than the financial fine when you consider the long-term cost to your brand’s reputation. Your customers need to know you manage their data in a compliant, rigorous and respectful way,’ said Helen Goldberg, founder, LegalEdge.

Easily overlooked

It’s not unusual for people to be a little precious about giving away their personal data. Think about the last time you wanted to purchase something online, but you weren’t familiar with the website. Did you hesitate before entering your card details?

We know this is a common experience of modern life: nobody wants to enter their details and be bombarded with emails and calls from that same company and other related third parties from there on out.

We know business owners need to be careful with the personal data they hold, that they need to be respectful of their customers’ details. Yet one thing that is easy to overlook is how businesses store employee details.

‘Some aspects of data protection are about common sense. This is one such area. We use consultants, to help us understand our exposure, and then we put simple systems in place to help us manage it. It’s not that onerous in this case, as I still run everything,’ said Carr.

‘At Impero we regularly review that our HR software is compliant, and that knowledge of employee data is available only to those who need it. Keeping the circle of access tight, and the software top tier, allows us to be sure we are keeping privacy protected,’ said Blackmore.

Of course, very soon, simply overlooking this area of data protection will not be an option; or rather, to do so could risk heavy fines.



Letitia Booty is a special projects journalist for Business Advice. She has a BA in English Literature from the University of East Anglia, and since graduating she has written for a variety of trade titles. Most recently, she was a reporter at SME magazine.
