We're now more than seven months on from the European General Data Protection Regulation (GDPR) deadline on 25 May 2018 – how confident are you that your small business is fully compliant?
A new survey of 1,000 small business owners has revealed that half are confused by the rules, according to the Independent.
This indicates that the data of millions of customers and employees are being left at risk as some small business owners admit they’re ‘clueless’ when it comes to data security.
The survey was commissioned by Aon. Chris Mallett, a cybersecurity specialist for the firm, said: “As the results show, many businesses could be in breach of GDPR – most likely without even realising it.
“Visitors books, allowing staff to use their own mobiles for work purposes and even seemingly minor things like distributing sponsorship forms around the office carry risk.
“Yet these sorts of things are commonplace among businesses big and small across the UK.”
But we all know that not knowing the rules is never seen as a valid excuse, so read on to see if you’ve made these common security mistakes. They could see your small business slapped with a fine running into the millions.
More than a quarter of businesses surveyed made this mistake. Letting your staff use their own laptops and devices for work purposes allows unencrypted customer and employee personal data to be stored at home.
10 per cent of businesses made this mistake. A visitor book is a seemingly harmless way for guests to note their visit to your place of business, especially if you’re in the hospitality industry. But the problem is that this presents visitors with freely available information on others.
Keeping a paper diary might be preferable to doing everything on a screen for some business owners. But as it could include private details about customers, this too poses a privacy risk. 26 per cent of businesses polled made this mistake.
This is a clear GDPR contravention, as printing and distributing sponsorship forms tends to include names and addresses of individuals. One in ten businesses made this mistake.
Further contraventions by the small businesses polled include case studies in training materials that reveal the full details of featured individuals (25 per cent), and distributing promotional images of employees that display their unobscured name badges (16 per cent).
Paper records were another hazy area for those surveyed. The results revealed that not all small businesses are aware of their responsibility to get rid of paper records securely and confidentially.
More than half aren’t aware of their obligation to get rid of paper customer records. That figure jumps to 71 per cent for staff records, 78 per cent for meeting minutes, and 81 per cent for visitor books.
Further to that, 10 per cent don’t realise that losing paperwork can count as a data breach and 36 per cent aren’t aware that posting, emailing, or faxing personal details to the wrong person could also be a breach, according to the Independent.
Did you know that you’re obliged to notify the Information Commissioner’s Office, as well as all those affected, if your business has a data breach that affects individuals’ rights? Six in 10 of the small business owners polled didn’t.
With the risk of being fined running high in the event of a data breach, it may come as a surprise that 45 per cent of businesses don’t even consider it when taking out business insurance.
Are you fully up to speed on the rules around GDPR? Let us know your thoughts in the comments below.
We create this content for general information purposes and it should not be taken as advice. Always take professional advice.
© Copyright 2021 Simply Business. All Rights Reserved. Simply Business is a trading name of Xbridge Limited which is authorised and regulated by the Financial Conduct Authority (Financial Services Registration No: 313348). Xbridge Limited (No: 3967717) has its registered office at 6th Floor, 99 Gresham Street, London, EC2V 7NG.