
Protecting Your Business From Data Breaches

The number of data breaches divulged to the DPC (Data Protection Commission) soared by over 70% in 2018 with the introduction of the new data protection rules across Europe.

In total, the DPC was notified of 4,740 breaches during 2018, with 3,542 of those made in the months after the GDPR came into force in May.

These figures were contained in the first annual report of the DPC since the name changed from being the Office of the Data Protection Commissioner to the DPC in the middle of last year. The largest number of these complaints were related to the right of access to personal data held by others, with unfair processing of data and disclosure among the other biggest offences.

The BIG Offenders

The DPC also opened 15 new statutory investigations between May and December last year into whether large multinational technology companies were compliant with GDPR.

Seven of these investigations were focused on Facebook alone, with two looking at its subsidiary company WhatsApp and one examining an issue with Instagram, which is also owned by the social networking behemoth. After a year of data breaches and privacy scandals which have impacted the company’s share price and reputation, Mark Zuckerberg has stated that he wants Facebook to become a “privacy-focused” social network. Twitter and Apple are also subject to two ongoing inquiries each, while LinkedIn is the focus of one.

As data collection continues to become a greater part of the public conversation owing to the recent MNC scandals, GDPR regulations and privacy protections are beginning to occupy a more important place in the minds of top data managers, alongside predictive analytics, analysis, data collection and other priorities that give data its value.

Data breaches aren’t just a problem for big business


When data breaches make the news, it’s usually because they occurred at a major company, as with the above example of Facebook. However, the reality is that cyberattacks are much more likely to be carried out against small businesses.

This can be particularly problematic as the majority of small business owners don’t even realise how much personal information they have stored about their clients, employees, and suppliers. The average small business possesses a significant amount of data that is valuable to hackers, including:

  • Employee birthdates and Social Security numbers
  • Client names, email addresses, and phone numbers
  • Banking information & Credit/Debit card numbers

While data breaches at large MNCs may yield a bigger payoff for hackers, small businesses tend to have fewer security protocols in place, which makes them much easier to hack. Therefore, it is vital that these small businesses follow strict protocols to lessen the probability of a data leak.

Solutions

Code of Ethics


One mooted change to improve data security is the introduction of a code of ethics like those applied in professions such as accounting, medicine and law. Many of the ethical principles used in these professions are cross-discipline and could also be applied to data storage, corporate governance and data use.

Many organisations plan to initiate annual reviews not unlike accounting audits to ensure compliance with these ethics guidelines and managers will also be on the lookout for bias on the behalf of data controllers.

Drawing inaccurate conclusions from data can be as harmful as having no insights at all and is a major reason for the need for a code of ethics when it comes to data usage. As one senior business intelligence leader in Google put it, “the practice of ethics helps professionals to take a step back and evaluate situations from an ethical perspective.”

Employee Training

According to a 2018 data security report published by the Wall Street Journal, 30% of data breaches last year in the United States were caused as a result of employee error.

As such a remarkable portion of data security breaches are directly caused by employee oversight, your company’s number one priority needs to be training employees to deal with and prevent data security breaches: the best way to counter accidental data breaches caused by uneducated employees is to educate them. With a comprehensive retraining program in place, your business can greatly reduce the risk of a data breach resulting from employee mistakes. Elements which should be included to ensure a comprehensive understanding of how to maintain data security include:

  • Data Security Awareness: From the importance of using strong varied passwords to checking email links before you click them, every employee needs to have a basic understanding of the protocols which need to be followed.
  • Employee Responsibility: Each employee should have a clear understanding of what their role is in protecting the company’s data security. Instituting a list of responsibilities for each employee regarding what to do will help to eliminate confusion and enhance each employee’s understanding of how they can protect data security.
  • Specific Risks: After assessing what your company’s biggest data breach risks are, it is vital to add training elements that address the risks specific to your company.

 

It is therefore crucial to upskill your team with the help of an industry expert.

Preventing Insider Abuse

Disgruntled former employees are one of the most dangerous data breach risks a company can face. Because of the access credentials they possess, insiders can easily bypass many of the security measures meant to stop outside attacks. While stopping a data breach caused by a committed attacker with inside access can be tough, there are ways to diminish the risk and scope of the damage:

Delete unnecessary User Accounts: These can include accounts meant for temporary workers or ex-employees, or special extra accounts that give a permanent employee access to a specific system for a one-time job. Whatever the reason they exist, unused accounts are a data security risk that needs to be eliminated.

Restrict Employee Access: Not every employee needs to have total access to every database. By restricting access, you can limit the scope for an insider attack.

Monitoring User Accounts: Tracking account use helps to increase the traceability of the origin of a breach for compliance purposes. Using alerts to signal the security team when malicious activity is registered helps enable faster response times and can even allow you to stop a breach that’s currently in progress.
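As an added illustration (not part of the original article), the three measures above can be run as a periodic audit over an account inventory. The field names, the 90-day idle threshold, the role-to-database mapping and all sample records are assumptions constructed for this example.

```python
from datetime import date

# Constructed sample data (assumed field names, not from any real system).
ROLE_NEEDS = {"sales": {"crm"}, "finance": {"crm", "billing"}}
ACCOUNTS = [
    {"user": "asmith", "role": "sales", "employed": True,
     "last_login": date(2024, 5, 28), "databases": {"crm"}},
    {"user": "temp-q1", "role": "sales", "employed": False,
     "last_login": date(2024, 1, 15), "databases": {"crm"}},
    {"user": "bjones", "role": "sales", "employed": True,
     "last_login": date(2024, 5, 30), "databases": {"crm", "payroll"}},
    {"user": "migrate-job", "role": "finance", "employed": True,
     "last_login": date(2023, 11, 2), "databases": {"crm", "billing"}},
]
# Login events observed after the inventory snapshot above was taken.
LOGINS = [("asmith", "2024-06-01T09:02"), ("temp-q1", "2024-06-01T23:41")]


def accounts_to_delete(accounts, today, max_idle_days=90):
    """Accounts whose owner has left, or that have sat unused too long."""
    findings = {}
    for acct in accounts:
        idle = (today - acct["last_login"]).days
        if not acct["employed"]:
            findings[acct["user"]] = "owner no longer employed"
        elif idle > max_idle_days:
            findings[acct["user"]] = f"unused for {idle} days"
    return findings


def excess_access(accounts, role_needs):
    """Databases granted to an account beyond what its role requires."""
    extra = {}
    for acct in accounts:
        surplus = acct["databases"] - role_needs.get(acct["role"], set())
        if surplus:
            extra[acct["user"]] = sorted(surplus)
    return extra


def login_alerts(logins, accounts):
    """Logins by accounts that should no longer be in use."""
    departed = {a["user"] for a in accounts if not a["employed"]}
    return [(user, when) for user, when in logins if user in departed]


if __name__ == "__main__":
    today = date(2024, 6, 1)
    print(accounts_to_delete(ACCOUNTS, today))
    print(excess_access(ACCOUNTS, ROLE_NEEDS))
    print(login_alerts(LOGINS, ACCOUNTS))
```
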

Choosing The Right Cloud Storage Provider

The majority of companies rely on cloud storage providers to back up their business data. However, you may not understand exactly how these cloud service providers are protecting your data. Checking your cloud storage provider’s service agreement will enable you to understand the security measures that they have in place and whether these measures align with what you need to protect your customers.

Security measures to look out for include the steps taken to safeguard your business data, who is authorised to access this data, and what happens to the data if you decide to terminate the agreement. The robustness of these cybersecurity measures should be a major factor when deciding on a cloud storage provider for your data.

Developing A Comprehensive Response Plan

Developing a comprehensive response plan empowers both employees and the employer to understand the potential impact of the breach. Employers should be transparent concerning the scope of the breach as both employees and customers want to know the truth. A well-thought-out response plan can help to limit lost productivity and prevent negative publicity.

Your response plan should begin with a thorough evaluation of exactly what was lost and when. It should also focus on finding out who is responsible. By taking swift, decisive action, you can limit the damage caused by the breach and restore your company’s public image in the event of a breach.

Naturally, the first step to take to protect your business is to build a privacy-first website.
