GDPR Week 2 – Personal Data Protection
As discussed last week, almost all small businesses will hold personal data to some degree. As part of our ongoing effort to make life easier for our customers, we are taking time to offer help and advice to prepare your IT systems for the new GDPR changes coming into force next month.
This week we will be focusing on communications and online services. Under the new GDPR rules, you are responsible for how your data is stored and transmitted online. Below are some recommendations to prepare your online systems for GDPR.
Recommendation 1 – Email Encryption
As a data controller, you are responsible for the security of how your emails are both transmitted and stored. We have broken this down into two areas for your consideration.
- Protecting your Email Store
Your email system is one giant store of personal information as it contains both names and email addresses which should be reason enough for you to have registered with the ICO as discussed in last week’s GDPR update. We recommend that you encrypt your machine to protect this data store from being accessed without your encryption key.
- Protecting Emailed Personal Data
Every time you correspond with a client or an employee, it is now your responsibility to ensure that you protect any personal information. So many of our emails have personal information in payslips, client statements, reports etc. If you are not 100% sure the recipient’s email system is GDPR compliant, then you should encrypt the correspondence.
We have some solutions to address these issues and would be happy to help you enable this protection. Please reply to this email or give us a call to discuss this further.
Recommendation 2 – GDPR Compliant Email System
Free email systems such as Gmail, Hotmail and Outlook.com are no longer sufficient for business correspondence as the providers will not guarantee the location of your data. Under GDPR it is your responsibility to ensure your business emails are stored within the EU with a GDPR compliant provider or protected by the US Privacy Shield if stored abroad. Also, these free email system providers will not guarantee that they will encrypt your email store, so if a hack takes place all of your emails could potentially be compromised.
The long and the short of it is you really cannot expect GDPR compliance with something that’s free! We recommend businesses switch to Office 365 for their email system as this is entirely GDPR compliant. If you would like our help with this, please let us know.
Recommendation 3 – Online Password Manager
So much is stored in online systems these days, including personal information. Online services such as online accounts, marketing, procurement, HR and HMRC etc. all need to be protected. The problem is that most of us use the same username and password for multiple online logins because it’s just too difficult to remember a gazillion different passwords! So, to remove this barrier, we recommend the use of a password manager to easily hold a different password for each service. These password managers do more than offer a tick in the box for GDPR too! We like this recommendation; it improves the protection for our customers while also simplifying the day-to-day use of their systems!