Read the news on any day and you’ll invariably see at least one article about data security breaches – whether it’s millions of Yahoo’s customer records being released by hackers or charities fined for sending unsolicited emails.
By Phil Brown, specialist technology lawyer, Napthens Solicitors
In May next year the General Data Protection Regulations come into force, and they are even tougher than the current regime - more obligations, bigger fines.
Whilst it may be big brand names hitting the headlines, data protection and security affect all businesses and it is time to make sure that you’ve got everything in order.
If your business holds any personal data - and it will do - then you need to know:
- What information you hold
- Where you store it
- What you are allowed to do with it
- How long you can keep it
What data you hold and where you store it seem like simple questions, but soon become tricky when the answer is ‘in the cloud’. Customer records, employee records, supplier details, newsletter mailing lists – it’s not hard to imagine that your business’ data is dotted around the world on other people’s servers.
What you are allowed to do with it and how long you can keep it are dependent on how the information was collected and what consent (whether explicit or implicit) was given at the time. If you don’t know this for certain, then it’s probably time to delete it.
Spare a thought for Honda, who recently discovered records which they couldn’t tally with consents or opt-outs. Concerned about breaching data protection laws, they decided to contact everyone on their list to ask if they consented to remaining on the database or wished to be removed. The ICO received one complaint (out of 280,000 recipients) and fined Honda for sending unsolicited emails.
Make sure you’re prepared - speak to a specialist lawyer as soon as possible.