Of 23 personal data requests made to companies in the UK, 74% were not addressed within the one-month time limit the GDPR sets for responding to an individual seeking a copy of their personal data.
And, in the last year, fines totalling over £49 million have been issued to 91 companies around the world for failing to follow GDPR rules, including nearly £44 million against a single organisation. Although the European Commission did not levy the full 4% of the companies' total global revenue, which it could have done, it is still a sizeable sum.
If you want to put in place some simple steps to help your organisation comply with GDPR, here are a few guidelines:
1. Train your brain
Everyone who handles data, in whatever form, should understand the GDPR and what they need to do with personal and confidential data. Your policies need to be reviewed regularly, and anyone joining the organisation should be trained in proper data use and security.
Processes for handling personal data requests must be in place, and everyone must be made aware of the GDPR time limits and of what to provide, and not provide, in response to a personal data request.
2. Remember paper
While it’s easy to think about digital technologies and the use of email when it comes to the GDPR, any personal data stored on paper should be used and filed away just as carefully.
Consider lockable cabinets and box storage for paperwork that needs to be kept but not left out where anyone can see it.
When paper-based data is no longer needed for the purpose for which it was gathered, it needs to be securely destroyed.
Secure cross-cut shredders, which can cut an A4 sheet into hundreds of pieces, should be deployed in every work area. They could be placed deskside where confidential information is likely to be in use, including HR, finance and legal.
3. Prevent visual theft
Busy open working environments can lead to people viewing the contents of others' screens. The same issue arises when people work in public places, such as cafes or trains, and it can lead to 'visual theft': an unauthorised individual viewing, memorising or writing down personal and confidential details.
As well as taking extra care when working with personal data on a screen, consider using a privacy filter. Privacy filters block the view of the screen to all but the user directly in front of it, allowing them to work more securely.
4. Encrypt digital data
If personal and confidential data has to be transported, it should be stored on a password-protected, encrypted USB drive.
Hardware-encrypted storage solutions can safeguard data with high-strength, military-grade security features. They can protect sensitive data from unauthorised access and accidental loss, with built-in encrypted backup.
5. Print securely
Many printers store user credentials and sensitive data such as print jobs. If these are not encrypted or regularly erased, there is a chance that confidential details will be accessed.
To make sure sensitive documents cannot be retrieved by another user, ensure all printers require pull printing, where a job is only released at the device once the user has authenticated. Be aware that anyone with access to a printer's settings can change them, so restrict that access to administrators only.
With Banner you can make your organisation GDPR compliant. For more information contact our technology team at firstname.lastname@example.org.