Preventing A Data Breach 

Key Contact: Declan Goodwin

Author: Rachel McCulloch

Businesses can hold a lot of personal data, and regardless of whether this data relates to their employees, customers, or someone else, it is essential that businesses protect the security of their data.

A personal data breach can be disastrous for a business; the UK GDPR sets a maximum fine of £17.5 million, or 4% of the annual global turnover, whichever is greater. This is in addition to the impact on the business's reputation and customer loyalty, and potential litigation from those affected.

Below we outline some key ways you can minimise the risk of a personal data breach. 

Security 

Personal data should always be stored securely to ensure people without authorisation cannot access it. Some security measures you should be taking include: 

  • Keep personal data encrypted, anonymised or pseudonymised. You can also limit access to only those who need it. The fewer people who have access to the personal data, the lower the risk of accidentally exposing it.
  • Use appropriate security software such as firewalls and VPNs, and make sure to regularly check for updates and patches, as networks are vulnerable when updates are ignored.
  • Carry out vulnerability assessments to check for any security weaknesses in your systems and take immediate action to fix any problems. 

Staff training 

Human error is the leading cause of personal data breaches. Therefore, it is clearly essential that your staff, at all levels, are provided with data protection training. Some training to consider includes: 

  • Education on the most common threats so that staff recognise them (for example, phishing or other suspicious emails, social engineering and ransomware). 
  • Company best practices such as having a clear desk policy, locking away laptops and hard drives, creating strong passwords and never sharing passwords.  
  • Staff should receive data protection training as part of their onboarding process, but it is essential they also receive refresher training on a regular basis that is specific to their role.  

Assessments and policies 

Businesses that process personal data should have in place certain assessments and policies that govern the processing and set out how to minimise the risk of a personal data breach. Some key considerations are:

  • It is good practice to complete data protection impact assessments (DPIAs) when processing personal data, which will help you identify and minimise data protection risks.
  • Make sure you have data protection policies in place, such as those outlining your retention policy and data subject rights. Regularly audit these policies and keep them up to date.  
  • In case a breach does occur, you will want to be prepared. You should have a response plan in place setting out your procedures for investigating and evaluating the breach. 

We can assist you with each of these steps, including by providing training to you and your staff and helping you draft and implement data protection policies. You can also use our free data assist audit tool, following which you will receive a personalised report outlining any issues you should address. You can find this tool here.

For further information or advice, please get in touch with our Commercial and Technology Team. 
