Data Privacy Day on 28 January sought to alert you as to how to better protect your customer’s data. And why it’s so important. The collection of data, and its value, is exploding. There are estimates the value of European citizens’ personal data could grow to nearly €1 trillion annually by 2020.
To deal with protecting data within Europe, new rules (a directive) came into place in 2016 on how business handles data, extending their scope to all electronic communication providers. These must be entered in each country’s laws by 2018 and will benefit business as they will only have one set of rules for doing business across Europe rather than abiding by rules in each country. These data privacy rules of course will apply in Ireland.
The idea behind the rules has been strengthened by research that found over 90% of Europeans, according to the European Commission, want the same data protection rights across the EU –regardless of where their data is processed. Further, nine out of ten Europeans have expressed concern about mobile apps collecting their data without their consent, and seven out of ten worry about the potential use that companies may make of the information disclosed.
The reforms will benefit business by cutting costs and red tape, especially for small and medium enterprises (SMEs), and hopefully stimulating growth. The EC estimates the new rules will benefit the European economy, and particularly SMEs, by around €2.3 billion per year.
The new rules are intended to benefit SMEs by helping them break into new European markets with four reductions in red tape:
- No more notifications: Notifications to supervisory authorities are a formality that represents a cost for business of €130 million every year. The reform will scrap these entirely.
- Every penny counts: Where requests to access data are manifestly unfounded or excessive, SMEs will be able to charge a fee for providing access.
- Data Protection Officers: SMEs are exempt from the obligation to appoint a data protection officer insofar as data processing is not their core business activity.
- Impact Assessments: SMEs will have no obligation to carry out an impact assessment unless there is a high risk.
Within Ireland, businesses that collect data have 8 rules to abide by as outlined by the Data Protection Commissioner. These are that businesses must:
- Obtain and process information fairly
- Keep it only for one or more specified, explicit and lawful purposes
- Use and disclose it only in ways compatible with these purposes
- Keep it safe and secure
- Keep it accurate, complete and up-to-date
- Ensure that it is adequate, relevant and not excessive
- Retain it for no longer than is necessary for the purpose or purposes
- Give a copy of his/her personal data to an individual, on request.
So there are rules about how you handle data. There are also a number of ways businesses can protect their data. Your business should ensure:
- every access point to data, including computers and mobile devices, is protected
- email servers are protected and staff are aware of how they can be targeted through scams and ransomware
- all information is backed up
- data stored in the cloud is protected
- all systems are regularly patched and updated.
Businesses should also clearly explain to their customers when collecting data why it’s required, how it will be used, that it will be encrypted and that it will be destroyed once it’s no longer required. All these will reassure customers.
Without secure systems and educated staff it is easy for criminals to access your customer’s personal data. Any loss of this data can lead to reputational damage, a costly loss of business to your competitors and a costly problem to rectify.
Here at Blacknight we provide a number of backup solutions to help business keep your customers’ data secure.
For websites there’s our site backup service, which is simple to use and very cost-effective. If you need to backup your laptop, desktop or office servers we offer Acronis backup. And for Office 365 users we will soon be offering a backup service as well.
For more information on protecting your data in Ireland and Europe, see: