Data Protection: Legal Safeguards for Your Business

In today’s digital age, data is the lifeblood of most businesses. Customer information, financial records, and intellectual property – all this valuable data resides within your systems. However, with this digital wealth comes a significant responsibility: protecting it from unauthorized access, misuse, or loss. Data breaches can have devastating consequences, damaging your reputation, incurring…

View On WordPress

Shore Up Data Security with These 3 Easy Tips

It’s 2019 and data security is no longer something you can push to the back burner. Small businesses are being targeted more than ever and the consequences are disastrous. According to UPS Capital,

Nearly two-thirds of all cyber attacks are being directed at small businesses.

Cyber attacks cost small businesses between $84,000 and $148,000.

60% of small businesses go out of business within six months of a data breach.

You have so much to lose and it’s critically important to be prepared. Here are 3 simple, actionable ways you can help thwart a data security breach for your company:

Train, Train, Train

“If you train hard…you’ll be hard to beat.”- Herschel Walker

One of a company’s biggest challenges in protecting data is the risk their own employees pose. Most of the time, employees are unaware that their everyday actions can actually open the door to a cybercriminal. That’s why it’s critically important to train your employees on the importance of data security and how they can contribute to keeping your company’s information safe. The more training you give your employees, the less likely they will be to inadvertently expose your company’s data.

Instill in your employees a sense of responsibility for company data. This applies to members on all levels, from the CEO (probably you) all the way down to the most part-time employee. Teach them that not only do they have a responsibility to the data security of the company they work for, but they also have a responsibility to safeguard the information of your clients and employees. Employee training should cover, but not be limited to the following:

Password management

Train employees on the importance of creating strong passwords and require them to change them frequently. Passwords should be difficult for others to guess but easy for the user to remember so that they don’t have to be written down. If your business uses many applications that require complex passwords, you might consider investing in a password management tool for your office such as 1Password.

Incident reporting

Equip your employees with the knowledge to do if they do experience a data security breach. Make reporting procedures clear and easy to follow. Employees should be trained on how to recognize if their device has been affected (running unusually slow, changes in desktop configuration, unexplained errors..etc.).

Email usage and phishing attacks

Using email responsibly is a key tenant in defending against a data security incident. Train employees to beware of scams and suspicious attachments and that those could be a phishing attempt and an tactic to solicit for personal information that could end up exposing your company’s data.

Unauthorized software

Let your employees know that downloading unlicensed software on a company computer is not allowed. Because many people download all kinds of things on their personal computers, they may not even think twice about installing a program on their work computer. But, unlicensed software downloads can make your company vulnerable to malicious software and, ultimately, a data security breach.

Put their knowledge to the test

Conduct regular training exercises to ensure your employees can practically apply the data security skills you are teaching them. Try sending out a simulated phishing email and see how many people fall for it.

Reward for compliance

This technique may result in less discipline for infractions. According to the Wall Street Journal, “Companies are starting to take a new approach to get employees to be more vigilant about cybersecurity. Instead of punishing employees when they make mistakes, they’re rewarding them when they do something good.”

Verify Vulnerabilities—Conduct an Audit

One of the best ways to protect your business from a data security breach is to see where your vulnerabilities lay. A great way to do this is to set up a cybersecurity audit. Once you know where the weaknesses are you can develop a plan to address them. The Financial Industry Regulatory Authority (FINRA) has developed a free Small Firm Cybersecurity Checklist that is a great audit tool that helps you hone in on areas where your company’s information is susceptible.

Schedule Software Updates

Software updates always seem to pop up at the most inconvenient time. So, naturally, you ignore them. But, the longer you delay installing updates, the more vulnerable your device is. Software companies provide updates to protect your device from cybercriminals and hackers. By not running the most up-to-date version of a software program, you are opening the door for your device to be infected by malware, ransomware, and other viruses.

Most software companies make it easy to keep your systems updated and protected. Take advantage of the automatic update features. Choose a time that is convenient for you and your office. Installing a huge, hour-long update at 2pm on a Wednesday is probably not the most productive use of you or your team’s time. Opt instead to have your devices automatically install updates outside of business hours, like in the middle of the night. That way, when you come in the next day, your software will be running the latest version and you will have minimized your vulnerability, and you (or your employees) won’t have to ignore those annoying reminders to keep updating your software.

Sources:

https://www.travelers.com/resources/cyber-security/cyber-security-training-for-employees

https://www.entrepreneur.com/article/325813

https://www.dngnet.com/5-ways-to-train-your-employees-on-cybersecurity/

https://www.usatoday.com/story/money/columnist/strauss/2017/10/20/cyber-threat-huge-small-businesses/782716001/

The post Shore Up Data Security with These 3 Easy Tips appeared first on SmartHustle.com with Ramon Ray.

from SmartHustle.com with Ramon Ray https://ift.tt/2V25zzv

What is GDPR? Everything you need to know about the new EU data laws

http://www.internetunleashed.co.uk/?p=28464 What is GDPR? Everything you need to know about the new EU data laws - http://www.internetunleashed.co.uk/?p=28464 GDPR has been all over the news recently, as companies of all sizes scrabble to make sure they're ready for the new regulations.Following the May 25th deadline, the new rules have now come into force, meaning your business now has to ensure it is compliant.But what exactly does GDPR entail? Here's our guide to everything you need to know. What is GDPR? The General Data Protection Regulation, or GDPR, (or EU Regulation 2016/679 if you want to be official) is one of the most significant and wide-ranging pieces of legislation passed relating to technology and the internet.Approved by the European Union in April 2016, and having come into force in the UK on May 25, GDPR  looks to bring together several existing laws and regulations to harmonize rulings across the EU.    Primarily, it replaces the UK's 1984 Data Protection Act and the EU's Data Protection Directive, which initially came into force in 1995, with new guidelines that are better suited to the modern, technology-dominated world. The main points of GDPR concern the privacy rights of everyday users and the data they create online, and will affect businesses of all sizes due to their effect on how companies gather, store, and look after their data.Under GDPR, companies will also need to give explicit notice when collecting the personal data of their customers. This will mean that consent will need to be explicitly given, and that companies will have to detail the exact purpose for which customers' data will be used.This personal data will also need to be encrypted by default as part of a process known as pseudonymization, meaning that it can't be linked to a specific person without being accompanied by extra information.Personal data applies to a wide range of information – effectively anything that could be used to directly or indirectly identify a person online. This could include names, email addresses, images, bank details, posts on social networking websites, medical information, or even a computer IP address.Users will also have the right to know exactly what details a company or organization holds about them, and also request that any of this information be deleted if they feel their rights to privacy are being infringed as part of the new 'right to erasure'.Companies that suffer data breaches, whether accidental or as part of a cyber-attack, will need to disclose this event to the relevant authorities within 72 hours of it happening, although there's no requirement to notify users unless instructed. Who does GDPR apply to? Put simply, if your business offers goods or services to anyone living within the European Union, GDPR will apply to you.  This means that companies outside Europe will also need to ensure they're compliant with the rules, as they could also be subject to fines if found not to be up to speed.If you have mailing lists for newsletters or promotions, and some of your prospects or customers are EU citizens, GDPR applies to you.  Upgrading your IT? Here are the best laptops for businesses 2018 What do I need to do to be ready for GDPR? As mentioned above, if you deal with customers within the EU, you'll need to ensure that the way you gather, store and use their data is GDPR-compliant.For starters, you'll need to identify exactly what data you currently own, and the means by which you acquired it. Many organizations may be unaware of the sheer mountain of information they own on their customers – just as their customers might be unaware how much info they have shared.All the data will need to be properly secured to ensure it remains protected, so it's definitely worth instigating new policies to limit access to the most precious data to a few key team members. You should also be frequently backing up your data, as under GDPR customers are able to request to view exactly what information you have on them at any time.If your business carries out large-scale data practices, you will also need to appoint a Data Protection Officer (DPO).A DPO will be able to take responsibility for much of the heavy lifting when it comes to GDPR, including overseeing compliance and data protection.Lastly, you'll need to ensure that all your employees are clued up about what exactly GDPR means. The rules aren't just the prerogative of the IT department, but could affect everyone in your organization. What happens if you're not GDPR-ready? GDPR is a huge deal, and as such the punishments for non-compliance are significant.Any organisation found to not be conforming to the new regulations after the May 25 deadline could face heavy fines, equivalent to 4% of annual global turnover, or €20 million, whichever is greater. It remains to be seen exactly how GDPR will be monitored, and if fines will be handed out to every company large and small, but for now the best course of action is to prepare as fully as you can. GDPR latest news and advice GDPR news and analysis- Facebook's Cambridge Analytica fine could have been even bigger under GDPR - GDPR rules would have meant a billion-pound fine for Facebook...- 5 unexpected consequences of GDPR - Now GDPR is full force, what are some of the potentially unusual results?- How to encourage consumers to part with their data now GDPR is here - GDPR is now in force, but how will it affect your customer relationships?- How will GDPR impact the mobile industry? - Mobile operators are confident that GDPR will be a good thing in their battle against OTT operators...- GDPR and its impact on e-commerce providers - GDPR will mean big changes for many businesses - how can you make sure your company is ready?- GDPR and the case for ethical data handling - Looking to finalise your GDPR compliance? Here are some top tips...- AOMEI's free backup software will keep you on the right side of GDPR - Free and secure for individuals and businesses...- The role of blockchain in GDPR compliance - Can blockchain be the key to helping your business conquer GDPR?GDPR Tips- GDPR: Turning the burden into an opportunity - The GDPR may actually improve the trust in your cloud storage app...- The GDPR hangover: tips for making a website GDPR compliant - Now the GDPR deadline has passed, how can you make sure your site is up to the new regulations?- GDPR and website operators – the final checklist - With just days to go, make sure your site is GDPR-ready...- Turning GDPR into an experience benefit - A guide to how your business can take advantage of GDPR...- GDPR compliance countdown: the final checklist - Is your organisation fully prepared for the upcoming GDPR?- How to make a website GDPR compliant - Ensure your site is GDPR-ready with these tips...- GDPR: Is your website compliant with the new regulation? - Make sure you don't fall foul of the new GDPR rules with this guide...- GDPR compliance and Blockchain - How are two of the biggest technology issues of today linked?GDPR information-  GDPR: The foundation for innovation - How can GDPR help benefit your business?- New UK data protection laws: everything you need to know for your online life - Taking control of the data flow...- Changes in European Data Protection Regulation: A look at the GDPR - Overview of the EU initiative to simplify data protection... Looking to stay secure for GDPR? Here's the best antivirus software of 2018 Source link

GDPR Compliance – A Practical Guide for Bloggers and Small Business Owners

Is your business or blog GDPR complaint?

If you answer “No” or, “What’s GDPR?”

Then, you should read this post very carefully!

In the last few days the online business space has been in a frenzy as online entrepreneurs and webmasters hustled to beat the 25th of May, 2018 deadline of being GDPR compliant. I’m sure that you must have received one of those emails telling you that their privacy policy have been updated!

So, what is GDPR compliance and what’s its implication for your online business?

If you are like me, then you must be asking these questions like right now. When I first heard about the GDPR I didn’t rush into updating my Privacy Policy instead I sought out different experts and also tried reading the GDPR document. But it wasn’t an easy task because the document is highly complex and simply unreadable.

I also found some articles and blog posts on Google but most of them had little to offer as they were mostly written to promote some product or the other. Many others were just a few thoughts on the GDPR document.

However, after much research and asking around, I was able to glimpse some insight into its meaning after which I reworked and updated my site’s Privacy Policy.

You can read the updated Privacy Policy here. It’s important that you read because it is the binding document on this site right now.

In this post, I want to share with you a few things on the GDPR and also give you a few tips on how you can easily stay complaint.

Related: Google’s New Privacy Policy: How Much Of User’s Rights Is Being Violated?

DISCLAIMER: I am not a lawyer neither am I in any away an expert on legal matters. What I have done here is to make this complex topic understandable and actionable for you, within my own understanding of the topic. This article is for informational purposes only. I recommend that you consult your legal advisor to determine your own GDPR needs.

That being said, let’s get started…

Part 1: An Overview of the GDPR

What is GDPR?

GDPR stands for General Data Protection Regulation and it is a new privacy regulation created by the EU to protect the privacy of all individuals within the European Union. Its focus is to give people more control over their personal data. This new regulation replaces the Data Protection Directive 95/46/EC and it is designed to harmonize data privacy laws across Europe.

While the regulation actually applies to businesses in the EU it however has effect on businesses outside the EU as long as they collect or process personal data of individuals residing in the EU.

This is where your blog or small online business is affected.

Of course, as an online business your operations are worldwide and persons from the EU do visit your website, blog or social media pages – except of course, if you’re blocking traffic from that part of the world!

Another very critical issue with this regulation is that though the deadline to be compliant was 25th May, 2018 it is also retroactive.

This means, if you have customers’ or subscribers’ data you’re storing or using even if these were collected before May 25th, 2018, you must ensure that you are also compliant on those too!

This is really serious and it will interest you to know that just a few day after the deadline Google, Facebook, Apple, Amazon, LinkedIn and others have been hit with serious GDPR complaints.

While these privacy activities may be targeting these giants for now, no one knows what they will be doing next. Remember that wise saying, a stitch in time saves nine!

If that does not give you some reason to be complaint, then this should…

The Penalties for Non-Complaint with GDPR

When I first noticed the panic this new regulation caused among online marketers I knew this was something special. And so, I was not surprised therefore when I discovered that most of the panic was actually because of the penalty – €20 million or 4% of your world-wide annual revenue, whichever is higher.

With that do you still want me to remind you at this point that you should take every step necessary to stay compliant?

What Is Personal Data?

It is important you understand the definition of personal data according to the European Commission. This will help you better understand what you need to do to stay complaint with this regulation.

According to the European Commission,

“Personal data is any information relating to an individual (the data subject), whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social media networking website, medical information, or a computer’s IP address.”

From the above definition (note that even a computer’s IP address is considered as personal data) it is clear that if you own a website or a blog, if you’re an online marketer, if you market on social media, if you use any form of tags for re-targeting customers…

… As long as you capture and record user data of any form, you need to be GDPR compliant!

It will interest you to know that websites and blogs, especially those that run on the WordPress platform, collect personal data in different ways. Some of these ways include:

Through registered users

Through comments posted on your blog

Through the use of contact forms on your site or blog

Through Google Analytics and other traffic monitoring software

Through email subscriptions

Through WordPress plugins

The Rights of Data Subjects Under the GDPR

Now, while you might be tempted to simply update your Privacy Policy and think that will do the trick, the truth is, that’s just the beginning.

The crux of the matter is the rights of the individual under this new regulation. It’s expected that if you receive any request related to any of these rights, you should respond within 30 days. So, it’s important that you know what these rights are and how to go about protecting them.

To get the full details about these rights you may want to check out the official GDPR site referenced above. However, for the purpose of this post, here’s a brief summary of the rights of the individual under the regulation.

1. The Right To Be Informed

The individual is expected to know what type of data you collect about him or her and how it is to be used. You should provide clear and concise information why this data is being collected, how it will be saved, for how long, who has access to it and who is the data controller.

2. The Right Of Access

Beyond knowing how you store their personal data, the individual also has the right of access to that data whenever they wish. So, a subscriber to your email list or a user of your website can demand to have access to the data you have saved about him or her and you are obligated to provide such data.

3. The Right To Rectify Saved Data

The individual also has the right to have their inaccurate or incomplete data that is saved by you to be updated or rectified. Whenever, you or your data controller receives such a request you are obligated to take the necessary steps to have the data updated as requested.

4. The Right To Restrict

The individual also has the right to restrict the use of his or her data. In this case, you may record such data but not use same for any purpose.

5. The Right To Port Data

If the individual so wish he or she may request their saved data in machine readable or human readable formats. They are free to use this data for whatever purpose they so wish.

6. The Right To Erasure

The individual also has the right to withdraw their consent and request that their saved data be erased completely.

7. The Right To Object

The individual have the right to object the use of their data in a certain way. It is therefore important that you inform the user ahead of how their data is to be processed.

8. The Right Not To Be Subject To Automated Decision-Making

Where the data you saved about a user is to be used for some form of automated decision-making that will affect them legally or otherwise the individual has the right to opt out of such processes.

While all of these sound complex it is important that you understand them so you can stay complaint.

What Does GDPR Mean for Your Business?

From the above, every business owner, blogger, web master, internet marketer, etc. (as long as you collect and process personal data of users and customers) has the following responsibilities:

Provide users your identity and inform them the type of information you collect about them, how and why you collect it, what you do with it, how long you store it, and who else have access to it

Obtain clear and explicit consent from the user when you collect their data

Give access to the user when they request such

Delete any use’s data whenever such a request is made and show proof that you have done this

Where there is any form of data breach, inform the users within 72 hours.

The question now is how do you ensure that you are complaint with all of these? This is what we want to look at next.

Related: How to Copyright Content: 5 Proven Tactics to Stop Content Theft & Ensure Your Content Is Not Copied!

Part 2: GDPR Compliance Checklist

Steps to Staying Complaint with GDPR

Let me repeat once again that the GDPR document is complex. The following is simply a basic guide of what you can do to be complaint.

Step 1: Update the Legal Pages of Your Website or Blog

These basically include your terms of use and privacy policy pages.

The terms of use or terms and conditions page on your site are basically the place where you state the rules that bind the user to your business. The privacy policy on the other hand deals with what type of data about your users and customers that you collect and process.

You will need to update these pages to include relevant information about GDPR compliance. Most of this will be on your privacy policy, since it is the document that deals primarily with consumer data on your site or blog.

Your updated privacy policy should specifically state who you are (which includes your name or organization name, address, contact information, etc), what personal data you collect, why you collect the data, how long you plan to retain the data, who else you share it with, how customers can download their data whenever they so wish, how they can delete or ask their data to be deleted, contact Information of your Data Protection Officer (which could just be your email address except you have a dedicated Data Protection Officer).

All of these should be clearly stated on your privacy policy page.

If you use WordPress for your site/blog then you will be glad to know that the latest version has a new feature that allows you to easily create your blog’s privacy policy.

To use this feature:

(a) Go to Settings -> Privacy

(b) Create a new page or choose your already existing privacy policy page to set it.

If you’re creating a new page, WordPress will populate the new page with the basic information that you need to have on your privacy policy. However, before publishing it you will need to review it, adding or removing data to agree with what you expect to have on your privacy policy.

Step 2: Obtain Explicit Consent of the User before Collecting Their Personal Data

Since you’re required to get the consent of the user before you can process their data you should do everything possible to ensure that this is obtained. Look into the areas from which you collect data of users. This will include places like blog comments, contact forms, newsletter subscriptions, etc. Make sure you have the explicit consent of the user before capturing their information.

The easiest way to do this is to put a checkbox on all the places from which you collect data for the user to provide their consent. It’s important that you’re specific of what consent you’re asking for and include a link to your privacy policy. Also it’s important that you don’t pre-check the checkboxes.

Again the latest version of WordPress already has this feature for comments.

Step 3: Clean Up Your Existing Email List

Since GDPR is retroactive you will need to clean up your existing email list to ensure that you only have subscribers who has given their consent. One way to do this is to send re-engagement emails so that your EU subscribers can re-optin to your list. Ensure that you clearly explain how you’d use the subscribers’ data and what content you will be sending them.

Step 4: Create a System for Data Subjects to Request Access to Their Data

GDPR requires you to allow users access to their data. It is not enough to state this on your privacy policy. You should also have in place a way for them to easily access the data when they so desire.

There are a number of ways you can do this. For example, if a user request to have access to the personal data you’re processing about them, you can take a screenshot of the customer record or you can export the contact details of the user in a CSV file and then send it to them.

This is another thing that the latest version of WordPress has made easy for you also. There are new tools for users to view their data, and even request deletion of their data. You can access these new tools by going to Tools.

Here’s the process of using these tools:

User requests to view or delete their data

You go to Tools and then to the Export or Erase Personal Data Setting

You enter the user’s email id, and click “send request”

This sends a confirmation link for the user to confirm their request

Once the user confirm the request you can then send them a downloadable file containing the requested data with the click of a button

Once this file has been sent it will be deleted after 72 hours for security purposes

If the request is for deletion, then as soon as the user confirms the request you can delete the data.

Conclusion – More Resources

There you have it, my simple guide to help you stay GDPR compliant. Please understand that, as I have mentioned earlier this is a complex topic. There’s so much that I have not touched on in this post. To dig deeper feel free to browse these resources:

General Data Protection Regulations (GDPR) full text

Frequently Asked Questions and Answers regarding GDPR

A guideline on identifying a Data Protection Officer

Again note that violating the GDPR comes with a heavy fine of 20 million Euros or 4% of your revenues, whichever is higher. If however you take the above necessary steps, you’ll not have to worry much.

I do hope that this has helped in any way. If so, then show some love by sharing the post with your friends on your favorite social media!

Feel free also to share your thoughts on the GDPR in the comments below.

Loved What You've Just Read?

Then join 3,047 other HAPPY Subscribers and get FREE updates in your email inbox starting now!

Enter Your Details to Receive FREE Updates

Subscribe for FREE

We hate spam and your info. is safe!

GDPR Compliance – A Practical Guide for Bloggers and Small Business Owners was first posted on June 5, 2018 at 9:08 am. ©2014 "The Web Income Journal!". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please Click here to contact me. from GDPR Compliance – A Practical Guide for Bloggers and Small Business Owners

What does the GDPR mean for SMEs?

The EU General Data Protection Regulation (GDPR) comes into force in the UK in May 2018 and is anticipated to have a significant impact on businesses across the country.

The GDPR is a replacement for the Data Protection Act 1998, and will apply to all organisations that process, handle and store any personal data of EU residents.

These new regulations mean businesses are required to gain consent  for all data collected from individuals, and provide clear and comprehensive privacy notices to help these individuals understand what they are opting into. Crucially, organisations of all sizes need to be able to prove that consent was given if they want to process any form of personal data.

Ultimately, the GDPR regulations mean increased powers for European Supervisory Authorities, including the ability to impose financial penalties of up to €20 million or four percent of the business’ worldwide annual turnover, for non-compliance or breaches.

With this in mind Ebuyer, a leading provider of storage, networking and security solutions to SMBs, has created a compliance checklist to help business owners avoid the potentially disastrous consequences of a compliance failure:

  Begin compliance discussions now with key people in your organisation.

Document the personal data your organisation holds, where it came from and who it is shared with.

Review your privacy notices. Under the GDPR, you will need to clearly identify the lawful basis for processing customer data, as well as how long you will retain it for and the customer’s right to complain about how you are using it.

Have a robust process in place for locating and deleting individual customers’ data, if and when requested.

Be aware of the new right to “data portability”. This means individuals have the right to request their personal data in a commonly-used, machine-readable format, provided to them free of charge and within one month.

Review how you seek, record and manage consent for data collection. Remember consent must be explicitly provided: assumption of consent (for instance, via pre-ticked boxes on a web form) can breach regulations.

Review how you will verify individuals’ ages, and how you will obtain parental consent to process the data of under-13s if required.

Reinforce your existing data breach reporting procedures to ensure your organisation can meet the new timelines.

Take steps to appoint a Data Protection Officer if you are required to, and consider who should be trained in, and responsible for, GDPR compliance even if not.

  Amber Smith, Head of Sales at Ebuyer.com said: “The new GDPR regulations will have a significant impact on small businesses, who will need to begin taking steps to achieve compliance as soon as possible. But it’s not just SMEs who need to begin making these changes, as the law applies to all companies regardless of size, from sole traders to multinationals.

“This year’s ransomware attacks should already have emphasised the need for businesses to invest in robust antivirus and cybersecurity measures, but in case they didn’t, hopefully the GDPR and its new penalties for non-compliance will.”

To find out more about what you need to do to ensure your business complies, please visit: http://www.ebuyer.com/blog/2017/06/impact-of-the-gdpr-on-small-businesses/

The post What does the GDPR mean for SMEs? appeared first on IT SECURITY GURU.

from What does the GDPR mean for SMEs?