Superdrug… Butlins… Costa Coffee… Dixons Carphone… British Airways… The list of organisations which have suffered a data breach goes on and on. Small wonder, then, that complaints to the Information Commissioner’s Office (ICO) are on the rise. So much so that between 25 May, when the new GDPR (General Data Protection Regulation) came into force, and 3 July the ICO received 6,281 complaints, a rise of 160% on the same period in 2017.
And when breaches occur it can seem as though companies roll out the same response: an apology followed by a recommendation to reset passwords or, in extreme cases, to obtain replacement bank cards. Now, thanks to the new GDPR, those whose data has been stolen or mislaid can at least take some comfort that breaches have to be notified within a short time frame and that the fines levied on organisations could be as substantial as €20 million or 4% of global turnover. But that’s not really the point. Irrespective of any fine, companies are putting at risk the financial security and peace of mind of their current and past customers.
So what is the solution? Whilst it has to be admitted that those who indulge in data theft can be extremely IT savvy, it also has to be acknowledged that in some cases organisations offer an open door to potential thefts. And when it comes to data loss, practices such as leaving laptops on trains or inadvertently publishing data online are complete own goals.
Data is personal
GDPR or not, perhaps organisations need to go back to basics and to remind themselves of the fact that data isn’t simply a series of 1s and 0s on their computer system. Data is personal. Data is intrinsically linked with people’s lives. And people have trusted you to take care of their personal and financial details.
That’s where the Golden Rule comes into play. Whilst its origins are lost in the mists of time, the Golden Rule essentially requires you to treat others as you would wish to be treated yourself. Think of data in these terms and you may well find that your attitude and approach to data will change.
For some organisations that may simply require a general reminder of the importance of treating customer data as you would treat your customers: with respect and courtesy. For others it may require a complete cultural reset, starting at the top of the organisation. Either way, never forget that data risk is a directorial responsibility and should be kept under ongoing review alongside other identified trading and external risks.
In choosing you as a supplier of goods or services, your customers placed their trust in you. And that trust goes beyond the immediate transaction, encompassing areas such as product safety and probity. They have trusted you; isn’t it now time that you repaid that trust by taking care of their data?
Director of Elemental CoSec, a company secretarial firm. Lawyer. Triathlete.