With just a few days before the General Data Protection Regulation (GDPR) becomes mandatory across the UK, many service-led businesses still aren’t prepared for the biggest shake-up to data protection law in years. If you are one of those not yet ready, what do you need to know to protect your business and your bottom line?
What is the GDPR?
Established by the EU, the GDPR is a set of regulations which demand that businesses and other organisations take greater care of personal data. This includes the information we hold on clients, potential clients, employees, suppliers and any other individuals.
The regulation applies to any manual or automated procedures which collect, store, use and share personal information. So, to ensure the confidentiality, integrity, and security of your data, you should have security controls in place that can both prevent and detect potential breaches.
What information is considered ‘personal’?
Personal information covers anything that could be used to identify someone. This includes things like name, ID number, online identifiers etc. Even information that has been pseudonymised could fall within the scope of the GDPR, depending on how easy it is to attribute that alias to an individual.
The GDPR also places specific emphasis on sensitive personal data. This includes things like sexuality, health, religion, race, political allegiances etc. Moreover, even if you don’t directly record such information, you have to make sure that this isn’t incorrectly stored or even inferred in any attachments, emails etc.
Why are businesses so worried?
Under the GDPR, the financial penalties for non-compliance can be as high as €20 million or 4% of annual revenue! And, with security breaches becoming an all too familiar news story, the damage to your reputation following a data breach could be even higher.
Is your service management software compliant?
The more data we use in our businesses, the more people worry about data theft and cybercrime. As such, security has never been more critical. For service-led companies, this means ensuring that any technology you use, or plan to invest in, boasts the highest level of data security and reliability.
To aid compliance, when looking at your current service management software, consider things like:
- Is the data you keep secured appropriately?
- Have you done all you can to keep your systems secure?
- Can you access and provide customer data if requested?
- Do you obtain consent to collect, store and process data?
- Do you have access control measures in place to ensure only those necessary can get to the data?
- Would you be able to identify and report a data security breach quickly?
As a business, you need to understand both the questions and, more importantly, the answers to all these points.
How can cloud-based service-led software help you meet your obligations?
Cloud-based software providers make security a key priority. It’s in their business interests to do so! For example, at Service Geeni we have a reliable, secure infrastructure in place that far outstrips what most companies would be able to build for themselves. Indeed, significant investment would be needed to make an onsite solution match the security and reliability of our services.
However, not all cloud service providers are created equal. So, to protect your business, undertake due diligence to ensure GDPR compliance and avoid risking hefty fines and damage to your reputation. Make sure your cloud service provider understands any risks and what’s needed to minimise your exposure. To help you with this, get them to commit to an acceptable level of security as part of your SLA.
For more information on how our software can help keep you GDPR compliant, contact us today for an informal chat.