GDPR compliance: 6 vulnerable spots every business needs to check

Think that your business has done everything it needs to for GDPR? The General Data Protection Regulation has now come into effect, causing a flurry of frantic emails to subscribers and website pop-ups about privacy policy updates.

Many organisations have been preparing for GDPR for months, while smaller businesses have only recently made limited changes to the way they store and use consumer data. But is this enough? You may feel that you’re fully GDPR compliant, but it could be worth checking these 6 vulnerable spots just to be on the safe side:

  1. ‘Hidden’ data storage on your website and social media. There are many places where your business will, intentionally or inadvertently, collect personal data, and once collected it tends to stay stored unless you have procedures in place to remove it. Key examples include private messages sent to your organisation’s social media accounts by businesses and customers. If they contain personal or sensitive information, delete them as soon as the information is no longer needed. For example, a customer may send you a home address so you can post them a competition prize; once the prize has been posted, the whole chain of messages should be deleted.
  1. Password strength and reuse. Does your organisation use the same few passwords for everything, and how often are they changed? Choosing strong, unique passwords for each account is a key part of being a responsible data controller or processor, and it also protects your own business: a password reused across services means one leaked credential can open all of them. Here’s how to create strong passwords (and remember them).
  1. Developers, designers and contractors – who has access to your website data? Developers usually require full access to your site in order to address support issues and other tasks, which means they can also access all the personal data it holds. To plug this gap, put a written contract in place between your organisation and any contractor or supplier that specifies their data protection obligations, and grant each of them only the access their work actually requires, revoking it when the engagement ends.
  1. Business devices. Do your business-owned laptops, tablets and smartphones have appropriate security features? If each contains easily accessible data or is automatically logged into your key accounts, it is crucial to keep them secure. This means strong passcodes, automatic screen locks, full-device encryption and, where possible, the ability to wipe a device remotely, so that the data stays protected if the device falls into the wrong hands.
  1. Cloud storage – reviewing permissions. If many of your business files and documents are stored in the cloud, it’s easy to lose track of who has access to what. Now that GDPR has come into force, it’s the ideal time to review and manage permissions.
  1. Protecting files. If important files aren’t stored in the cloud, encrypting them (for example as a password-protected, encrypted archive or document) is a recommended measure to keep the data safe. What if your laptop were stolen or someone managed to break into your network? You need to do all you reasonably can to keep sensitive customer data safe, and a file that is encrypted with a strong password stays unreadable even when the device or network is compromised.

For more advice on GDPR and how to be compliant in everything from your website to online marketing, please feel free to contact the expert team here at Ambos Digital.