• David Remington

Google fined £44m for not being GDPR compliant. Are you protecting your data?

The first of the huge fines following the implementation of GDPR is finally here. Google has been smacked with a £44m fine from French data regulator CNIL for a breach of the EU’s data protection rules.

 The ruling was based on the fact that Google:

"Lacked transparency, inadequate information and lack of valid consent regarding ads personalisation"

As well as the internet search engine giant, Amazon, Apple, Netflix and Spotify are all facing GDPR complaints.

With such huge corporations facing problems around GDPR, it raises the question of whether companies truly understand the implications of not being GDPR-compliant, and what can be done to keep their data secure and avoid facing further huge fines.

There are so many ways that each of you could be putting your clients’ data at risk without even realising. Data loss, malware and hackers are all too common nowadays in technology, but unfortunately, these aren’t the only threats to a company’s data: breaches due to human error are also ever-present.

Internal data leakage 

When an organisation’s information is transmitted without authorisation, data leakage occurs. According to an Intel study, almost 43% of serious data loss incidents could be traced to an internal user. Of those 43%, at least half were accidental. The Intel study suggests that internal leaks were more likely to happen using physical media. A misplaced USB drive or an unsecured laptop is all it takes to suffer a data loss. 

But there is some good news! Once you’re aware of how these leaks happen, you can take simple steps to help prevent them: 

- Stop using USB and external drives, and embrace your company’s file sharing tool, such as Box, to access documents when you’re on the go 

- Make sure your laptop is encrypted and stored securely 

- Carry out internal audits, monitoring and logging of user activity 

- Train your staff properly in protocol and awareness for data handling 

Shadow IT 

Shadow IT, sometimes called stealth or client IT, is technology that is used without the knowledge, support or approval of IT within a business. It could be a messaging app, free file sharing solution, digital notebook or handy password keeper. 

Although these solutions seem worry-free and easy to use, they can often cause more hindrance than help.  

Technologies that exist outside of the approved IT structure can: 

- Introduce network security threats including viruses and malware 

- Cause gaps in regulatory compliance 

- Silo knowledge and hamper efficiency efforts 

Let your IT team know if you need to use programs that aren’t approved - they can evaluate and raise concerns if necessary, but if all is well, they may be able to give it their seal of approval and possibly even encourage company-wide adoption. 

Weak passwords 

It’s estimated that the average business user has 191 passwords to remember, but uses the same selection of 4-7 unique passwords over and over. 20% of passwords are considered ‘weak’ and can be cracked in under 4 minutes. So, when you set your password, give it the weight and consideration it deserves as a gateway to your business’s valuable data.

Here are some password tips: 

- Use passwords that are more than 8 characters long 

- Use a combination of upper- and lowercase letters, numbers and special characters 

- Don’t use words in the dictionary 

- Update your password every 90 days 

- Enable 2-factor authentication whenever it is available  

Every employee within a company holds the power to cause a data breach. By raising awareness, you can help mitigate the risk of this happening, and ensure that a data breach doesn’t happen anytime soon at your company.  
