In total, the DPC was notified of 4,740 breaches during 2018, with 3,542 of those made in the months after the GDPR came into force in May.
These figures were contained in the DPC’s first annual report since its name changed from the Office of the Data Protection Commissioner to the DPC in the middle of last year. The largest number of these complaints were related to the right of access to personal data held by others, with unfair processing of data and disclosure among the other biggest offences.
The DPC also opened 15 new statutory investigations between May and December last year into whether large multinational technology companies were compliant with GDPR.
Seven of these investigations were focused on Facebook alone, with two looking at its subsidiary company WhatsApp and one examining an issue with Instagram, which is also owned by the social networking behemoth. After a year of data breaches and privacy scandals which have impacted the company’s share price and reputation, Mark Zuckerberg has stated that he wants Facebook to become a “privacy-focused” social network. Twitter and Apple are also subject to two ongoing inquiries each, while LinkedIn is the focus of one.
As data collection continues to become a greater part of the public conversation owing to the recent MNC scandals, GDPR regulations and privacy protections are beginning to occupy a more important place in the minds of top data managers, alongside predictive analytics, analysis, data collection and other priorities that give data its value.
When data breaches make the news, it’s usually because they occurred at a major company, as with the above example of Facebook. The reality, however, is that cyberattacks are much more likely to be carried out against small businesses.
This can be particularly problematic as the majority of small business owners don’t even realise how much personal information they have stored about their clients, employees, and suppliers. The average small business possesses a significant amount of data that is valuable to hackers, including:
While data breaches at large MNCs may yield a bigger payoff for hackers, small businesses tend to have fewer security protocols in place, which makes them much easier to hack. Therefore, it is vital that these small businesses follow strict protocols to lessen the probability of a data leak.
One mooted change to improve data security is the introduction of a code of ethics like those applied in professions such as accounting, medicine and law. Many of the ethical principles used in these professions are cross-discipline and could be applied to data storage, corporate governance and data use as well.
Many organisations plan to initiate annual reviews, not unlike accounting audits, to ensure compliance with these ethics guidelines, and managers will also be on the lookout for bias on the part of data controllers.
Drawing inaccurate conclusions from data can be as harmful as having no insights at all and is a major reason for the need for a code of ethics when it comes to data usage. As one senior business intelligence leader in Google put it, “the practice of ethics helps professionals to take a step back and evaluate situations from an ethical perspective.”
As such a remarkable portion of data security breaches are directly caused by employee oversight, your company’s number one priority needs to be training employees in how to deal with and prevent data security breaches. The best way to counter accidental data breaches caused by uneducated employees is to educate them. With a comprehensive retraining program in place, your business can greatly reduce the risk of a data breach resulting from an employee mistake. Elements which should be included to ensure a comprehensive understanding of how to maintain data security include:
It is therefore crucial to upskill your team with the help of an industry expert.
Disgruntled former employees are one of the most dangerous data breach risks a company can face. Because of the access credentials they possess, insiders can easily bypass many of the security measures meant to stop outside attacks. While stopping a data breach caused by a committed attacker with inside access can be tough, there are ways to diminish the risk and scope of the damage:
Delete unnecessary User Accounts: These can include all accounts meant for temporary workers or ex-employees, or special extra accounts created to give a permanent employee access to a specific system for a one-time job. Whatever the reason they exist, unused accounts are a data security risk that needs to be eliminated.
Restrict Employee Access: Not every employee needs to have total access to every database. By restricting access, you can limit the scope for an insider attack.
Monitoring User Accounts: Tracking account use helps to increase the traceability of the origin of a breach for compliance purposes. Using alerts to signal the security team when malicious activity is registered helps enable faster response times and can even allow you to stop a breach that’s currently in progress.
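The three measures above can be combined into one recurring account review. The following is an added example, not part of the original article: the account inventory, role baselines and field names are constructed for illustration, and the 90-day staleness threshold is an assumption to adjust to your own policy.

```python
from datetime import date

# Constructed sample data (not from the article): the access each role needs,
# and an account inventory as it might be exported from a directory service.
ROLE_BASELINE = {
    "sales": {"crm"},
    "finance": {"crm", "ledger"},
    "contractor": {"ticketing"},
}

ACCOUNTS = [
    {"user": "a.murphy", "role": "sales", "employed": True,
     "last_login": date(2019, 3, 1), "expires": None, "grants": {"crm"}},
    {"user": "b.kelly", "role": "finance", "employed": False,
     "last_login": date(2019, 1, 10), "expires": None, "grants": {"crm", "ledger"}},
    {"user": "temp-07", "role": "contractor", "employed": True,
     "last_login": date(2018, 11, 2), "expires": date(2018, 12, 31), "grants": {"ticketing"}},
    {"user": "c.byrne", "role": "sales", "employed": True,
     "last_login": date(2019, 2, 27), "expires": None, "grants": {"crm", "ledger"}},
    {"user": "svc-migrate", "role": "contractor", "employed": True,
     "last_login": None, "expires": None, "grants": {"ticketing"}},
]


def audit_accounts(accounts, today, stale_days=90):
    """Return {user: [findings]} for accounts that need review or removal."""
    report = {}
    for acct in accounts:
        findings = []
        if not acct["employed"]:
            findings.append("owner has left: disable and delete")
        if acct["expires"] is not None and acct["expires"] < today:
            findings.append("temporary account past its expiry date")
        if acct["last_login"] is None:
            findings.append("never used")
        elif (today - acct["last_login"]).days > stale_days:
            findings.append(f"no login for more than {stale_days} days")
        # Restrict access: anything granted beyond the role baseline is excess.
        excess = acct["grants"] - ROLE_BASELINE.get(acct["role"], set())
        if excess:
            findings.append("access beyond role: " + ", ".join(sorted(excess)))
        if findings:
            report[acct["user"]] = findings
    return report


if __name__ == "__main__":
    for user, findings in audit_accounts(ACCOUNTS, today=date(2019, 3, 4)).items():
        print(f"{user}: {'; '.join(findings)}")
```

Run on a schedule, the resulting report gives the security team a short list of accounts to disable or trim before they can be misused.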
The majority of companies rely on cloud storage providers to back up their business data. However, you may not understand exactly how these cloud service providers are protecting your data. Checking your cloud storage provider’s service agreement will enable you to understand the security measures that they have in place and whether these measures align with what you need to protect your customers.
Security measures to look out for include the steps taken to safeguard your business data, who is authorised to access this data, and what happens to the data if you decide to terminate the agreement. The robustness of these cybersecurity measures should be a major factor when deciding on a cloud storage provider for your data.
Developing a comprehensive response plan empowers both employees and the employer to understand the potential impact of the breach. Employers should be transparent concerning the scope of the breach as both employees and customers want to know the truth. A well-thought-out response plan can help to limit lost productivity and prevent negative publicity.
Your response plan should begin with a thorough evaluation of exactly what was lost and when. It should also focus on finding out who is responsible. By taking swift, decisive action, you can limit the damage caused by the breach and restore your company’s public image.
Naturally, the first step to take to protect your business is to build a privacy-first website.
About the Author
Neil Chevalier is a digital expert working at Digital Strategy Consultants. He has a passion for strategy and for helping organizations achieve their online goals through best practice techniques and priming them to drive competitive advantage through the early adoption of emerging digital technologies. Neil holds an MSc in Digital Marketing Strategy (TCD) with a strong interest in consumer psychology and human behaviour.