GDPR – Managing your data


We all know by now that GDPR is about personal data but what does that mean to your business?

Personal data is information that identifies a person. Yep, that sounds straightforward enough. However, the regulations throw in a ‘directly’ and ‘indirectly’ curveball that makes it more complicated.

We would all agree that a name, address, email and telephone number are personal data that directly identify a person. Not much disputing that.

But what about, say, a customer number or a payroll number? These are defined as pseudonyms by the Information Commissioner's Office (ICO), which has prepared the framework for GDPR compliance. The ICO says that ‘Personal data that has been pseudonymised – e.g. key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.’

So this is a bit grainier. However, to comply with the Regulations, it would be wise to include it as personal data. If you have any systems that identify IP addresses (the unique string of numbers that identifies each computer using the Internet), this would also be classed as indirect personal data.

So how can small businesses start to make sense of this personal data maze? Here are a few actions you can take to help you on your way.

1. LIST THE DATA YOU HOLD AND WHERE YOU STORE IT

A good place for small businesses to start when considering their plan of action for GDPR compliance is to list all of the personal data they hold and where that data is stored.

Remember that the Regulations also apply to both digital and hard copy data.

ACTION: Brainstorm what data you hold and where it is.

2. WHY DO YOU HOLD THIS DATA?

Once you have identified all the types of personal data you hold, you need to make sure you are keeping it for the right reasons (this will also be useful when you come to write your privacy policy, which we will cover in a subsequent blog).

ACTION: Ask yourself the following questions and document the answers:

  • Why do I ask for this information?
  • What do I use it for?
  • Can I justify keeping hold of it?

NB: If you cannot justify keeping the information then you will need to delete it entirely and carefully from all of your records. GDPR is about only holding the personal data you need and not holding onto it for the sake of it.

3. WHAT IS THE RISK OF HOLDING THAT DATA?

Now that you have thought about the data you hold, why you hold it and where you hold it, you need to think about how this data could be breached.

What could happen that could mean the data you hold got out into the public domain?

There will be a limited number of ways this could happen, such as:

  • human error (e.g. a mistake such as sending group emails with visible addresses)
  • firewall hack (e.g. professional cyber criminals)
  • internal hack (e.g. disgruntled employee, sales employees working their notice)
  • lost laptop, phone, diary or device
  • crime (e.g. burglary, theft)
  • Industry-specific threat

ACTION: Make a list of the possible threats for each piece of data that you hold.

4. WHAT ARE THE CHANCES OF THESE THREATS HAPPENING?

OK, now you are ready to think about the ‘what ifs’.

ACTION: Go back to the list you made in step 3 and, using the risk ratings of high, medium and low, decide how likely you think each threat is to actually occur.

5. IF IT DOES HAPPEN HOW BAD WILL THE IMPACT BE?

Now you need to decide what the impact would be if the threat became an eventuality.

ACTION: Using the same rating (high, medium and low), assess the impact should the threat occur. How dangerous would it be?

6. HOW CAN YOU REDUCE THE RISKS?

Now that you have thought about your data, why you have it and how it could be breached, you need to think about what you could do for each piece of data to reduce the likelihood of the risk. For example, to minimise firewall breaches, you could implement a website maintenance and protection package and increase the stringency of staff passwords. For the possibility of an internal hack, you could apply a clear desk policy or consider imposing garden leave for sensitive data positions.

ACTION: Revisit your list and add in adjustments and protocols you could implement to decrease each of the risks.

7. HOW DOES THIS HELP ME COMPLY WITH GDPR?

By following the above steps, you are showing that you are evaluating and managing the information that you hold. This is step 2 of the ICO’s 12 Steps to Preparing for the GDPR: https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf

ACTION: Make sure you keep copies of all the work you do towards GDPR compliance. If you have followed the above steps, you will have a paper or electronic trail. Capture these in a folder to start the evidence of your actions towards GDPR compliance.
