In 2018 the media was flooded with GDPR, as there were some significant changes to the guidelines for how businesses manage and store personal data. Since then we’ve seen proper data management slip from day to day awareness.
When a data breach occurs it could increase the risks of fraud, criminal behaviour or identity theft – and if you suspect there has been a breach of security where personal data has been accidentally or unlawfully destroyed, lost, altered, disclosed without permission or authority, or accessed by someone who ought not to have access, it’s vital that you report that breach.
If this breach happens within your organisation – even if it is accidentally so – you must immediately consider whether this breach poses any risk, and the severity of that risk to the rights and freedoms of those whose data has been breached.
If there is a risk, you must notify the ICO immediately. The ICO – Information Commissioner’s Office – are the UK’s independent authority, set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
How do I report a breach?
The ICO website has a self-assessment process where you can identify the level of risk, and which will guide you through the necessary steps and information you need to provide. This self-assessment can be found here. and you can assess that risk, action a report and learn how to protect from future incidents, as well as informing those affected.
What are the penalties?
If you access, store or use any personal data within your business – names, addresses, bank details, any other information which can be used to identify or contact people both within and outside of legitimate business contact – it is your responsibility to ensure that the data is stored securely. Printed documents must be in locked cabinets, never left unprotected, and digital data must be encrypted, and never shared without permission.
Failing to do this could bring penalties to the organisation and the individual responsible for the breach. These penalties come in two tiers; the more serious of these being a fine of up to 20 million euros, or up to 4% of the annual turnover of the company – whichever is higher.
What about breaches during the COVID-19 pandemic?
One of the biggest changes to how data is shared, stored and handled in recent months is due to the number of professionals working from home and outside of their usual office environments. This necessarily means that people are accessing and sharing data outside of their usual stringent and secure methods. Whilst the ICO have promised to be lenient in relation to these circumstances, it’s still vital that you maintain high standards of security and that you recognise the accountability of those handling this information; you can find more guidance from the ICO on accountability.
The ICO have also shared their best practice guide to working from home, which offers great advice and guidelines for ensuring that data remains secure.
If you need support to ensure that your teams are maintaining secure communications, that your IT systems remain protected and that your GDPR processes are still being adhered to – even with distance working and teams using their own home offices – our expert IT support professionals are experienced in creating secure, protected networks and can help you to ensure those standards are being upheld. Call today on 0207 317 4535 or email us at [email protected] – we have simple steps we can put in place to protect you, and your data, immediately.