You’ll know all about GDPR by now...remember those emails from companies asking if you wanted to ‘opt in’ or ‘stay in touch’ with them? They were businesses — whether you are a regular customer or you unintentionally signed-up to their mailing lists — scrambling to operate within these new EU regulations.
But what is GDPR? GDPR (General Data Protection Regulation) is a new data protection initiative. It was implemented in Europe on 25th May 2018 to standardise the way companies store personal data about their customers and employees.
Related article: HR and GDPR - one year on
The regulations are in place for greater transparency, and so that individual data isn’t collected and harvested without prior consent and knowledge. In short, all consumers should now know which companies hold data on them — either telling them to forget this information or carry on as usual.
We’re truly in the age of ‘big data’. In addition to ensuring your organisation is not breaching GDPR, you must also protect sensitive information about employees and customers, especially information that will become costly if it were to fall into the wrong hands.
From educating employees on the benefits of data protection and encouraging due diligence, to improving physical and digital security, here are our top 5 data security tips for your business.
Make data protection part of the conversation
Onboarding is vital in any business for making sure new employees are up to speed with company processes. Data protection should be introduced early on, with conversations highlighting why data protection is important and implications for not complying explained clearly.
Arrange training sessions
You might have already held GDPR training sessions. If so, that’s great. If not, you should certainly consider making sure every employee is aware of what it means. You might also consider running frequent refresher sessions and remember to hold updates where any new processes are introduced.
Install physical and digital security
In the digital age you shouldn’t forget about physical security. By that we mean ensuring that all devices are protected with strong passwords and that stored data is encrypted. Other ways to protect devices include securely locking them away in the evenings if they’re left on your premises, or taking devices home in the evenings to minimise disruption if there is a break in.
Physical security measures include:
- Locking away servers and devices
- Continually monitoring who is on the organisations premises
- Setting up on-site surveillance
- Making security policies readily available
Digital security measures include:
- Installing a strong firewall across all devices and locations
- Making sure employees use strong and regularly updated passwords
- Monitoring your wireless network and ensure it is secure
- Regularly backing up essential data and files
- Encrypting data
- Blocking suspicious websites susceptible to malware, ransomware or phishing
Consider the data the company keeps
You’ll likely have lots of old emails that you just don’t need anymore. There’s no need to hoard thousands of outdated messages, so make sure you delete them properly. By properly we mean overwriting the files so that nobody can access them months or years down the line, coming back to bite the organisation.
Comply with GDPR
As outlined in the introduction, GDPR is here. Make sure you’re complying with its regulations by not keeping records of employee and customer data longer than required. Towing the line will make sure you avoid hefty fines. Future you will also be thankful that, should it happen, a hacker or even somebody trying to physically steal information, will not gain access to a wealth of data and files that might affect customers and employees.
To find out more about how HR software can help SMEs stay GDPR compliant, check out our Managing Director Jon Curtis' webinar on the subject.
Also, check out our blog post on how to choose GDPR compliant HR software.
Written by Fiona Sanderson
Fiona is Marketing Manager at myhrtoolkit. Her areas of expertise include HR systems, productivity, employment law updates, and creating HR infographics.