What’s Floating Around Cloud 9? 11 December 2017

Data Protection

Welcome to another (rather cold) week and we are starting with a trip to London today for Paula, who is attending a GDPR Workshop, to ensure the team here understand the new European personal data regulations that come into force next May.

The existing Data Protection Act will be replaced by the EU’s General Data Protection Regulation (GDPR), a framework with greater scope and much tougher punishments for those who fail to comply with new rules around the storage and handling of personal data – so really important for us as a business to understand fully. We email customers, stakeholders, delegates and all manner of people all of the time, so understanding the new stance on the storage of personal data is vital, as is protecting that data from the baddies online!

Recent figures show that in 2016, companies in the UK lost more than £1 billion to cybercrime, and breaches in data have given criminals access to names, birth dates, addresses and even social security and pension information. A recent report from the Federation of Small Businesses (FSB) claims that SMEs are now more likely to be targeted by cybercriminals than their large corporate counterparts, as we are considered easier targets than some of the big, well-defended companies.

This is one of the reasons that GDPR is considered long overdue by many authorities, and ignorance will be no defence for SMEs who fail to comply, hence our enthusiasm for ensuring we understand the do’s and don’ts for Cloud 9 going forward into the New Year.

One of the biggest changes we will face is around consent, as under the new regulations, companies must keep a thorough record of how and when an individual gives consent to store and use their personal data. Consent also means active agreement, so a pre-ticked box is no longer sufficient, and we will all need to keep a formal audit trail. Those individuals on the mailing list have the right to withdraw consent at any time, easily and quickly, and when they do, all of their details must be permanently deleted, not just removed from a mailing list.

Should we have a data breach, GDPR will force us to inform the relevant authorities within 72 hours, and give full details of the breach and our proposal for mitigating its effects. These new conditions alone – and there are many more – show just how demanding the new regulations will be, including on how the data is stored, whether on a PC, a server or on a cloud. There’s probably a lot more to it, so at least we are taking steps to understand the new laws nice and early, as the last thing we want is to upset anyone on our mailing lists or to receive a fine.

There are some advantages to the new laws though, in that if you worry about embarrassing social media posts online that have been around for years, you can now ask for them to be removed, and hopefully it will stop a lot of unnecessary phone calls and rubbish through the post – which, let’s be fair, can only be a good thing.

Have a great week and just remember, when you are ordering online this year, you can opt out if you need to!

Ho Ho Ho!