The GDPR comes into force as of May 2018. This far-reaching piece of Data Protection legislation really shakes up the private sector, giving private individuals a lot more rights and private companies a lot more responsibilities. Crucially, breaching those responsibilities can come with a hefty fine - up to 2% of your annual turnover, or €10 million.

To be absolutely clear, the GDPR applies to any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to your data. That includes mailing lists, customer lists, orders, enquiries and emails, and covers any information stored electronically or on paper.

In this series of articles, we are going to provide some general guidance on the basic elements of the new Regulation, and how it affects you and your website. Do remember that this legislation represents a new legal requirement. That means that if you have any concerns, seek legal advice.

We have created a sample GDPR Privacy Policy, which may help you prepare for the GDPR. Feel free to click here and add it to your website!

Protecting Data

In your day to day life, you handle a lot of personal data. Whether you're responding to emails, placing orders, or marketing your products, you're interacting with people, using their information. Assuming you've collected that data legitimately, there's no issue with any of that.

However, once you've obtained the information, you need to protect it from unauthorised access. 

The consequences of a data breach can be catastrophic. Identity theft is a very real threat, and it is your responsibility to protect your customers. 

Luckily there are a few basic principles you can follow. 

  • Physical security: locking doors, adding alarms
  • Digital security: passwords and encryption
  • Proper training: educate your employees
  • Restrict access: keep everything 'need to know'

Lock the Door

If you are holding personal data in the office, you need to put in appropriate security measures. Put your orders book under lock and key, buy an alarm, invest in security cameras. 

If someone breaks in and steals your database, it's going to be embarrassing if you haven't taken suitable precautions. Worse, it'll be expensive when you get a fine!

Luckily, when it comes to your website, all of your data is stored off site in secure hosting facilities. These state of the art centres operate rigorous security protocols, making sure that no one can get direct access to the data.

Digital Encryption

Locking your data away is all well and good, but when it comes to digital information, you have to think beyond physical precautions. Encryption and electronic security both become essential.

Any system has a weak point, and that's the point of access. If you can just log in to someone's computer, it's easy to reach anything you want. That's why we use passwords. Every system you use should be protected by a password to prevent unauthorised access. 

Beyond that, you need to have chosen responsible suppliers. Even when it's being stored, data should be encrypted and hidden away, so even if someone gets access, information is rendered incomprehensible by the encryption.  

Knowledge is Power

It doesn't matter how many safeguards you have in place if people don't know about them. Educate your staff in best practice. 

Do they know that they shouldn't write their passwords down? Or that important information should never be left out in the open? Have you told them that they should be shredding documents that have no further use?

At Iconography, we make the effort to ensure that everybody at the company understands their responsibilities, what that means to them day to day, and how their actions affect the company.

Need to Know

Not everyone has to have access to personal data. If you want to reassure your customers, make sure that only essential personnel can find it.

For example, if you employ someone whose sole job is to update stock on your website, make sure you limit their access privileges. It gives additional security, and also makes it harder for mistakes to happen. If they can't see something, they can't break it!

The same goes double for any third parties you employ. If they don't need access to data, don't give it to them. 

By enforcing these restrictions, you reduce the likelihood of mistakes and make your data much more secure.
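The "need to know" rule above is easiest to get right when access is denied unless a role has been explicitly granted it. The following is an added illustration of that deny-by-default approach (it is not Iconography's code, and the role names, record types and sample users are constructed for the example): the stock updater from the scenario can change stock but is refused any customer or order record, unknown roles get nothing, and every request touching personal data is written to an audit log so you can show who looked at what.

```python
"""Deny-by-default, role-based access check for a small shop's records.

Added illustration of the 'need to know' principle; not Iconography's code.
Role names, record types and the sample users are constructed for this example.
"""

# Permissions each role holds. Anything not listed here is denied.
# The stock updater can read and change stock levels but never sees customers.
ROLE_PERMISSIONS = {
    "stock_updater": {("stock", "read"), ("stock", "write")},
    "customer_service": {("stock", "read"), ("customer", "read"), ("order", "read")},
    "owner": {("stock", "read"), ("stock", "write"), ("customer", "read"),
              ("customer", "write"), ("order", "read"), ("order", "write")},
}

# Record types that hold personal data in the GDPR sense described on this page.
PERSONAL_DATA_TYPES = {"customer", "order"}

# Constructed in-memory audit trail; a real system would write this to a log.
AUDIT_LOG = []


def is_allowed(role, record_type, action):
    """Return True only if the role explicitly holds (record_type, action).

    An unknown role has no permissions at all, so it is denied everything.
    """
    return (record_type, action) in ROLE_PERMISSIONS.get(role, set())


def access(user, role, record_type, action):
    """Check one request, record an audit line where it matters, return the decision.

    Every request for personal data is logged whether it succeeds or not, and
    every denial is logged regardless of record type.
    """
    allowed = is_allowed(role, record_type, action)
    if record_type in PERSONAL_DATA_TYPES or not allowed:
        decision = "ALLOW" if allowed else "DENY"
        AUDIT_LOG.append(f"{decision} user={user} role={role} {action} {record_type}")
    return allowed


def personal_data_roles():
    """Roles that can read any personal-data record: the short list to review."""
    return sorted(
        role for role, perms in ROLE_PERMISSIONS.items()
        if any(rtype in PERSONAL_DATA_TYPES and act == "read" for rtype, act in perms)
    )


if __name__ == "__main__":
    access("sam", "stock_updater", "stock", "write")    # allowed, not logged
    access("sam", "stock_updater", "customer", "read")  # denied and logged
    access("sam", "unknown_role", "stock", "read")      # denied: role not granted anything
    access("pat", "customer_service", "customer", "read")  # allowed and logged
    print("\n".join(AUDIT_LOG))
    print("roles with personal-data access:", personal_data_roles())
```

The point of `personal_data_roles` is the periodic review the article implies: if that list grows beyond the people who genuinely need customer records, someone has been granted access they do not need, and the same check is worth running for any third party you give an account to.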

1st January 2018