This article was published on August 11th, 2017
There is no denying that data breaches are becoming ever more commonplace in today’s society. Cyber-attacks that result in data breaches for some of the largest organisations in the world dominate the headlines, with hacking groups competing to claim the biggest victim.
However, many data breaches occur as a result of a simple error that could easily be avoided. A data breach can occur as a result of an employee doing something they shouldn’t or it may even be a simple case of human error. Examples might include sending information to the wrong email address, an unencrypted USB stick getting lost in the post or perhaps somebody may not store paper files in the office correctly.
Whilst data breaches to date have been a major cause for concern for both organisations and their clients or partners, the imminent introduction of the General Data Protection Regulation (GDPR) will make it imperative that staff not only understand what the GDPR is but also the implications for the business or organisation should there be a case of non-compliance.
The GDPR requires that companies show evidence of their compliance, and in the event of a breach, the company could face a series of penalties including fines of up to £20 million or 4% of their global turnover (whichever value is higher).
This makes correct training for all staff handling data essential.
We’ve put together our top tips to ensure you and your staff are GDPR ready.
Whilst the GDPR is set to come into force in May 2018, the time to start training is now. In many cases, there will be a lot of work to be done by a company’s senior management team as well as the Data Protection Officer before the company will be able to comply with the GDPR. Urgency is also key as there has been no indication that there will be a grace period for any company found to be non-compliant in May 2018. Therefore it is vital that you and your business are fully prepared come next year.
It sounds simple enough, but both you and your staff must fully understand the GDPR in order to adhere to its rules. Things to consider include: are your staff aware of how damaging a breach of the GDPR could be for the financial position and reputation of the company? Do they understand the purpose of the GDPR?
Once they are aware of the risks involved, as well as the rationale behind the Regulation, they can start to appreciate the significance of data protection laws and why they must adhere to certain company policies.
The training you and your employees undertake should be relevant and specific to your business. This will allow your employees to relate the new policies and procedures to their day-to-day roles. Training activities can range from encrypting data in emails, changing passwords on a regular basis, destroying confidential waste, to learning how to keep paper files secure when the office is empty.
Your employees are on the front line when it comes to data breaches, so it is vital that they are fully aware of how to spot a data breach, as well as how to report possible red flag situations.
One of the main obligations that the GDPR will introduce is that data breaches must be reported to the Information Commissioner’s Office within 72 hours of the breach occurring. Companies must also notify any individuals or customers who may have been affected within the same time frame. A clear policy should be put in place surrounding data breaches before May 2018 so that employees can report them in a timely and effective manner.
Online training is a viable option and should get most people ready for the GDPR. But is ‘should’ good enough when you could be fined £20 million? By providing face-to-face training with an expert, you are giving your staff a reliable and personable outlet to learn from. Providing face-to-face training will allow your employees to ask pertinent questions that online tutorials simply don’t cater for, meaning the likelihood of your staff fully understanding the new Regulation is increased.
May 2018 arrives, and your organisation is fully prepared for the GDPR that is coming into play. You think your job is done and that your GDPR worries are a thing of the past. Wrong!
A key strategy for every business going forward should be the continuation of training, even after the introduction of the new Regulation. New employees should be trained on GDPR issues as part of their induction before they are allowed to access company and customer data.
Training for those who have already been trained previously should also remain a priority, in order to ensure that all employees are always up to date with any changes or developments surrounding the GDPR or to highlight any changes in company policies where data protection is concerned.
We hope you find these top tips helpful, and that you are fully prepared come May 2018. If you would like any further information about the GDPR then please click here.