Preventing A Data Breach 


Key Contact: Declan Goodwin

Author: Rachel McCulloch

Businesses can hold a lot of personal data and, regardless of whether this data relates to their employees, customers, or someone else, it is essential that businesses protect the security of that data.

A personal data breach can be disastrous for a business; the UK GDPR sets a maximum fine of £17.5 million, or 4% of annual global turnover, whichever is greater. This is in addition to the damage to the business' reputation and customer loyalty, and the potential for litigation from those affected.

Below we outline some key ways you can minimise the risk of a personal data breach. 

Security 

Personal data should always be stored securely to ensure people without authorisation cannot access it. Some security measures you should be taking include: 

  • Keep personal data encrypted, anonymised or pseudonymised, and limit access to only those who need it. The fewer people who have access to the personal data, the lower the risk of it being accidentally exposed.
  • Use appropriate security software, such as firewalls and VPNs, and check regularly for updates and patches; networks become vulnerable when updates are ignored.
  • Carry out vulnerability assessments to check for security weaknesses in your systems, and take immediate action to fix any problems found.

Staff training 

Human error is the leading cause of personal data breaches. Therefore, it is clearly essential that your staff, at all levels, are provided with data protection training. Some training to consider includes: 

  • Education on the most common threats so that staff can recognise them (for example, phishing and other suspicious emails, social engineering and ransomware).
  • Company best practices, such as a clear desk policy, locking away laptops and hard drives, creating strong passwords and never sharing passwords.
  • Data protection training as part of the onboarding process, with regular refresher training that is specific to each member of staff's role.

Assessments and policies 

Businesses that process personal data should have in place certain assessments and policies which will govern the processing and how to minimise the risk of a personal data breach. Some key considerations are: 

  • It is good practice to complete data protection impact assessments (DPIAs) when processing personal data; these will help you identify and minimise data protection risks.
  • Make sure you have data protection policies in place, such as those setting out your retention policy and how data subject rights are handled. Regularly audit these policies and keep them up to date.
  • In case a breach does occur, you will want to be prepared. You should have a response plan in place setting out your procedures for investigating and evaluating the breach.

We can assist you with each of these steps, including by providing training to you and your staff and helping you draft and implement data protection policies. You can also use our free data assist audit tool, following which you will receive a personalised report outlining any issues you should address. You can find this tool here.

For further information or advice, please get in touch with our Commercial and Technology Team. 
