Franchising · 30 December 2019

The importance of ensuring GDPR compliance

Avoiding the risks of non-compliance with the General Data Protection Regulation (GDPR) is crucial for businesses, not only financially but to protect their reputations as well. GDPR has now been in force for well over a year, and it is imperative that employees and companies do not become complacent as time passes.

When GDPR was first introduced there was, quite rightly, a huge amount of media coverage and attention paid to this powerful legislation. Just over a year on, it no longer features on the news pages in the same way, and this can mean it no longer gets the same attention within a company either.

More can be done

Research across a range of workplaces suggests that employees and businesses themselves believe more can be done to ensure compliance with GDPR.

For example, a survey of UK GDPR decision-makers released in September 2019, conducted on behalf of Egress, found that 52% of businesses were still not fully compliant with the regulation, more than a year after it came into force.

The survey also found that 37% of respondents had reported an incident to the ICO in the past 12 months.

Fines can be huge

It is worth remembering that the maximum fine for the most serious infringements of GDPR, whether the failure involves physical (paper-based) or digital data, is up to €20 million or 4% of a company's worldwide annual turnover for the preceding financial year, whichever is greater.

Not only is the financial risk potentially huge, but the damage to a company's reputation is also significant, so non-compliance could be disastrous.

Even companies that invested extensive time and resources into ensuring compliance when the legislation came into force need to continually re-evaluate any potential areas of weakness regarding GDPR.

This is because regulatory guidance and enforcement practice develop over time, and because other business and operational priorities come into the picture and can push data protection down the agenda.

So, here are my top tips to help your business become GDPR-compliant.

1. Shred!

Any printed documents that are no longer needed and contain sensitive data should be stored securely or shredded immediately, either by a personal/office shredder or by a specialist third-party service provider.

• Personal/office shredders are graded under DIN 66399. The scale runs from P-1 to P-7; most office models fall between P-1 and P-5:

– P-1 is a strip cut, offering very basic security, since strips can be reassembled.

– P-5 is a cross-cut (micro-cut) shredder that reduces a single sheet of A4 to thousands of small particles, the most secure grade typically available in an office shredder. For documents containing personal data, P-4 or higher is the level commonly recommended.

• Specialist third-party confidential waste disposal services, such as Lyreco Shredding Service, can provide lockable bins to ensure your confidential documents are stored and transported safely and destroyed on your behalf. Because the business remains responsible for the data, the provider should be engaged under a written contract and should issue a certificate of destruction for each collection.

2. Encrypted portable devices

Use hardware-encrypted USB hard disk drives (HDDs) and USB pen drives to transport confidential documents and digital data.

These devices encrypt everything stored on them and only unlock when the user authenticates, by fingerprint or by entering a PIN on a built-in keypad; without that, the contents are unreadable. So if a device is misplaced, stolen or left with a client, your business remains your business. Choose models whose encryption has been independently validated and which lock, or erase themselves, after a set number of failed unlock attempts.

3. Physical data

Paper is a significant source of incidents: of 598 data security incidents recorded by the ICO between July and September 2016, 40% were attributed to paper.

By using a document scanner to digitise confidential paper files and then disposing of the originals in a GDPR-compliant way, it is possible to reduce the amount of sensitive paperwork in an office and simplify data management.

4. Dispose of, recycle or resell old technology securely


Ensure any old laptops, tablets, phones or PCs are clear of all data before disposing of, recycling or reselling them. Simply deleting files or reformatting a drive does not remove the underlying data; use a recognised data-erasure tool, the device's own secure-erase function, or physical destruction of the storage media, and keep a record of what was wiped and when.

It is important to understand how both physical and digital data pose a risk if not managed and destroyed in a secure way.

Everything that has sensitive information printed on it, or stored within it, must be stored or disposed of in a GDPR-compliant way, including within the supply chain.

While many companies will have GDPR compliance covered in the fundamentals of their operations, it is always worth refreshing on what it means and how the business is actually operating, as the risks of falling foul are too great to ignore.

ABOUT THE EXPERT

Andrew has over 11 years of commercial experience working with industry-leading brands to generate best-in-class customer experience through effective procurement. He is currently responsible for the IT, Technical & Extended Range Category at Lyreco, with a comprehensive set of skills to drive innovation and change in an established business environment.
