It’s been over a year since the General Data Protection Regulation (GDPR) came into effect. The European Union passed the regulation to give consumers across Europe greater control of their personal data. It requires companies to get explicit consent before collecting user data online, and while many were concerned about how the regulation would affect them, for most it’s been business as usual.
However, that isn’t to say that data privacy should be taken lightly. GDPR is among the most stringent pieces of data privacy legislation introduced in decades, yet how you protect your clients’ data has always been imperative and will continue to be – your reputation relies on it.
For contractors, data privacy primarily relates to how you manage your clients’ personal information. In the digital age, you probably hold more data about your clients than you realise, and it’s up to you to manage it responsibly and store it securely. If their information gets into the wrong hands, or you’re responsible for a data breach, the consequences could be catastrophic.
Unfortunately, it’s too easily done. If you’re an IT contractor for the NHS, for example, you could make an innocent coding mistake and accidentally expose thousands of patient records and other sensitive data. Maybe you have some confidential client files stored on a USB stick and you lose it. Or maybe you’ve noted down some clients’ banking details on a piece of paper and it goes missing. Data breaches happen all the time, no matter how careful people try to be.
Why data privacy is more important than ever
Industry experts expect countries around the globe to introduce even stricter data regulations in the coming years, and businesses are encouraged to be proactive about how they collect, use and store data going forward if they want to stay on the right side of the law.
The good news is that data privacy doesn’t need to be difficult and it’s well worth your while taking the time to review your security policy. Indeed, as the Information Commissioner’s Office said: “Good information handling makes good business sense. You’ll enhance your business’s reputation, increase customer and employee confidence, and by making sure personal information is accurate, relevant and safe, save both time and money.”
If you’re unsure about whether you currently comply with data protection law, you can take a quick quiz on the Information Commissioner’s Office website which asks you questions such as 'Do you have a record of what personal data you hold?' and 'Do you know what you use it for?' It will then generate a report with some recommendations for your business.
You can also take some simple steps right now (listed below), which will help to protect your business and your clients’ data. And if you don’t already have it, you should consider taking out insurance to further protect your business, including Professional Indemnity (PI) insurance, which covers you against a range of scenarios like professional negligence, loss of documents or data and unintentional breach of copyright or confidentiality.
Here are six easy ways to tighten up your security policy, protect you and your clients, and remain compliant.
Secure your physical documents
If it’s absolutely necessary to print hard copies of documents, do you have somewhere you can securely store them? Lock them away in a drawer, a safe or your office. If you’re working from home, you may want to consider fitting a locking mailbox so that thieves can’t steal your mail.
Safely dispose of physical copies
How do you currently dispose of confidential documents, including receipts, bank statements and papers that contain confidential information? Legally, if they contain any third party’s personally identifiable information, they have to be disposed of correctly under the Data Protection Act. So before discarding them in the bin, make sure you shred them. You should also regularly check you are not keeping personal data for longer than you need to.
Ensure your Wi-Fi network and devices are secure
Not only do you need to protect physical documents, but you must also take measures to protect your online activity and digital information. Make sure your Wi-Fi network is protected with a strong password. Ensure your devices cannot be accessed without a password, are locked when not in use and are never left unattended in a public place. Remain vigilant when sharing information or using unfamiliar websites.
Be vigilant about handing over personal information
If somebody asks you to provide your own personal or confidential information, don’t assume they have a right to know. Be careful when handing over personal details such as your bank account and National Insurance number. Check if they really need it and, if so, ask how they’ll help protect it.
Use strong, unique passwords for all of your online accounts
Your Wi-Fi network password may be a completely random collection of unguessable numbers and letters, but how secure are all the other passwords you use online? Could somebody guess them without having to know much about you? If they got hold of one password, could they access everything else? Use a different password for each account and do what you can to make each one hard to guess. To make this easier, use a reputable encrypted password manager rather than the one built into your browser.
Check your online privacy settings
Finally, take the time to regularly assess the privacy settings on your social media and email accounts. Privacy settings change all the time, and sometimes you may unwittingly share more than you intended during an update. Do what you can to keep your identity and your clients’ identity secure.
Data privacy will continue to be a prevalent issue, and it’s in your interests to do what you can to protect your own and your clients’ personal information from unintentional exposure. If you don’t, the consequences could be devastating – both for your business’s reputation and financially. Most decide that it’s not worth the risk and take extra precautions such as PI insurance.