Managing data protection and customer information – Staying Compliant
The ICO (Information Commissioner’s Office) has recently announced two major fines on companies that had suffered significant data breaches.
It proposes to fine BA (British Airways) £183m after hackers accessed the personal details of 500,000 customers, finding that BA had “poor security arrangements” in place. The fine represented 1.5% of BA’s global turnover, but the ICO has the power to fine up to 4% of annual turnover.
In the Marriott Hotels case, the proposed fine has been set at more than £99 million, again as a result of a cyber breach that exposed approximately 339 million guest records globally.
Both have 28 days to appeal the decisions.
A data breach has been every business owner’s nightmare since the new GDPR laws were introduced in May 2018.
The regulations, designed to protect consumers, required businesses not only to take steps to keep personal data secure but also, if the business was above a certain size, to appoint a designated officer to be responsible for data security.
Businesses were required to know what data they hold about people and ensure that they have that person’s consent to control or process it.
They now need specific permission from the relevant person, who must opt in for the different uses of their data. For example, it is legitimate to hold data about an order for goods and use that data to fulfil the order and retain essential information for audit purposes. You cannot, however, use that information to carry out further marketing without that person’s permission.
All this means that if your business holds information about customers, you need to be confident that you have done everything you can to protect records from a cyber attack and to hold them securely. You must also remove the details of anyone whose information you hold from your records as promptly as possible if they request it.
However, information management can be a useful tool for a business. It doesn’t have to be seen as a threat or a chore.
Why not let PC Futures review your business and its current arrangements?
We will look at how you store customer information and how securely, what protections you have in place, and how you can best use that information, perhaps with a bespoke CRM (customer relationship management) tool to better communicate with your customers, while still complying with GDPR.
Once we have investigated your existing arrangements, we will give you a report with recommendations and can then install anything you need if you have agreed.
Better to be safe than sorry!