5 Important Data Protection Considerations for Businesses
Data Protection Day (or Data Privacy Day in the US) is celebrated annually on January 28th. Launched in 2006, the date marks the anniversary of the Council of Europe’s data protection convention — Convention 108 — setting out key principles in the area of personal data protection.
Looking back, 2018 was the year that data protection got serious, with some major events at both ends of the data protection spectrum.
At the positive end, we had GDPR. Since it came into force on May 25th 2018, the way entities across all sectors use and manage data has been reshaped, and the roles of key business leaders have been redefined. Although it’s been the cause of a lot of headaches, GDPR has been a hugely positive move toward better consumer data protection. And as complex as it may seem on the surface, we can distil GDPR down into one beautifully succinct keyword — consent. But more on this later.
On the flip side, 2018 also saw some of the biggest and most widely reported data breaches in modern history — most notably, the Facebook Cambridge Analytica scandal, quickly followed by the Marriott Starwood data breach. So, all was far from rosy.
But what does all this mean for you, personally? What does it mean for your business?
Take a look at our Top 5 Data Protection Considerations.
1) Are You GDPR Compliant?
Let’s start at the top.
If you handle personal data at all, you need to do so in a GDPR-compliant fashion. Whether it is mailing lists, website tracking, or customers’ personal data, you need to be clear and transparent about your reasons for requesting that data and how you intend to use it.
In short, you need to receive customer consent before you can gather, store, and use their data. Not only that, you have to overtly request that consent in clear, straightforward language. And you must allow customers to withdraw consent at any time.
Here’s a quick summary of some of the key GDPR obligations:
Have an updated privacy policy to explain to customers how your website collects and uses their data.
Make sure you list ALL types of data being collected by your website, and whether third parties are allowed access to them.
Require customers to opt-in to all consent forms by having these unchecked by default.
Customers have the ‘Right to be Forgotten’ and the ‘Right of Access’ to their data. Make sure you have automated data deletion processes in place to make it easy for customers to withdraw consent, as well as an easy way to retrieve the full set of data held for an individual.
If you have mobile websites or apps, make sure they are covered by your data protection and privacy policies.
Know how to act if your website is subject to a data breach.
2) Have You Checked Your Privacy Settings Lately?
This is a quick and easy fix (depending on how many apps you use).
Limit the amount of data you’re sharing through the account settings across your various apps. There will be privacy settings available. Decide how much information, and which types of information, you share with third parties, especially on social networks.
Determine who sees the content you post and who is able to access your profile information.
Make sure you check your device settings too. Smartphones, tablets, and laptops all have a range of security and privacy settings that you can customise. Configuring these should be the first thing you do when acquiring a new device. Very often they are set to transmit location and usage data by default. It’s up to you to decide what you’re comfortable with sharing.
If this all seems more hassle than it’s worth, you could use an app to help you control app permissions. For example, MyPermissions.com can check your permission settings across most of your apps and provide you with alerts when apps access your personal information. It will also allow you to withdraw consent with a single click.
The app is free to download and currently supports Facebook, Google, Twitter, Instagram, Dropbox, and Yahoo. It will perform an initial diagnostic scan and highlight the apps that pose a threat to the privacy of your accounts. However, there is a subscription fee for removing permissions.
3) 2FA All the Way
Two-factor authentication (2FA) is simply another layer of protection when signing into a password-protected account. 2FA adds a second verification step in the login process such as a PIN or randomly selected letters from a secret word.
More commonly now, 2FA links your account to a personal device. Once your login and password have been successfully entered, a code is sent to the linked device to enable you to authenticate your login attempt. This means that a hacker would need to know your login and password details and have control over your personal device in order to successfully access your account.
If you’re offered two-factor authentication, take it.
4) Update. Always Update.
Updates can be annoying. They have the knack of materialising when you least want to run an update and a device restart.
Often what happens is, we ignore the update and continue to run the old version of the software or operating system. Who wants to hang about watching that percentage bar crawl across the screen? The old version works just fine. We can always update another day.
Even though it may seem we’re constantly being hassled to perform updates, there’s a good reason for it.
Updates are for our own protection.
They fix bugs and improve security. In fact, if you read the update’s details you’ll often find wording similar to “this update contains important changes to improve the performance, stability and security of XYZ.”
Don’t make yourself vulnerable to malicious software because the program or system you are running is out of date. Stay updated. Stay safe.
5) Password Managers
IT Manager: “The best passwords contain a combination of at least 13 uppercase and lowercase letters, numbers, and special characters.”
Passwords, like updates, can be a massive headache. Especially when you have multiple accounts that you use frequently. Even more so when you have one or two accounts that you use only once or twice a year!
We all know the reason for creating complex passwords. We understand the need for having different passwords for each account or service we use. But in reality, it’s too much hassle.
That’s where a good password manager, like 1Password, comes to the rescue.
It will help generate complex, random, long-string sequences of alphanumeric and special characters for all your accounts. Not only that, but it will save and remember all your passwords and usernames for you, and even autofill them at login. All you need to do is create and remember one master password.
Protect your account login details. There’s no reason not to.
Data Protection is Personal
Remember your data is personal. So is everyone else’s. Treat it with care and due diligence. Be conscious of who you share your data with.