“We don’t process any personal data ourselves” or “Our customers know what we do with their data – so we don’t have any special data protection requirements.” Do statements like these sound familiar? Then you need to be extremely careful. Data protection law applies to every company – including yours. If you hold contact details of customers, have employees or run a website, you must comply with the strict requirements of the General Data Protection Regulation. Here are 12 typical mistakes you should avoid when it comes to data protection.
- Unclear privacy policy on the online presence: A website without a comprehensive and understandable privacy policy is a privacy violation. Is your privacy policy reliable, and does it include information about the analysis tools you use? Make sure that you provide transparent information and name a contact person for privacy-related questions.
- Carelessness with documents: Documents or notes often end up in the trash without being checked for content. However, personal data does not simply belong in the trash, but must be destroyed in compliance with data protection regulations.
- Errors in the cloud: SaaS services such as Google Drive are practical and, when used correctly, can even provide added security. However, an unmanaged cloud service can also be a gateway for data breaches.
- Poor communication: Unintentional disclosure of personal data, whether on the phone or in an e-mail, should not happen, but it happens all too easily. Awareness on the part of employees is required here, and data protection training provides the remedy.
- Carelessness in the workplace: An unlocked office or a computer without a screen lock can lead to data loss and data breaches. This is especially true for areas where visitors also have access.
- Sloppy password practices: Using too simple or identical passwords across different platforms and applications can be a gateway for cyberattacks. Good password management is therefore mandatory.
- Capacity issues: Data protection issues are complex and constantly changing. A reactive approach is not enough. Companies must be proactive and constantly adapt. This requires that there are people who have enough resources and appropriate know-how.
- Ignorance of the requirements of the GDPR: Do not assume that the GDPR does not apply to you. That assumption is certainly wrong. Get an overview of the legal requirements and make a plan for how you will deal with these risks.
- Risks in communication: E-mail addresses are personal data. When sending e-mails to large distribution lists, use the “BCC” function so that your mailing does not become a data breach.
- Video surveillance without labeling: If you use video surveillance, strict requirements apply. In any case, video surveillance must be clearly marked and you must provide detailed information about it. Simple signs with pictograms are not sufficient for this.
- Lack of employee training: In data privacy, too, people are often the greatest risk factor. Training is essential to educate employees about data protection risks and correct behavior. Among other things, this can help prevent accidental data leaks or phishing attacks.
- Mixing private and business: The use of apps such as WhatsApp on company devices is problematic. This is especially true if such apps have access to the address book.
It is your responsibility to take the necessary steps to ensure that data protection is complied with and implemented in your company. The good news: efficient data protection is easier than you think. PLANIT // PRIMA is a data protection software that not only stands out with its browser-based and intuitive user interface, but also combines all the essential building blocks for a seamless data protection organization.
Equip your company for the data protection challenges! Book your free, personal tour of the tool now.
Irina Diz shows you the world of PLANIT // PRIMA.