There are many things to worry about as a business owner, but is GDPR high up on your list? Read on to find out why it should be…
Data breaches can have serious and expensive consequences for a company. Failing to notify the relevant bodies of a breach appropriately can result in huge fines, some up to a whopping £8.7 million or 2% of your global turnover.
So, ensuring data is adequately managed should be high up on your to-do list as an employer! You may need to seek the advice of data breach experts to ensure you cover all bases when it comes to data protection.
An employer's responsibility also extends to employees: they should all understand the role they play in securing data and what they should do if they think there has been a breach. Failure to report data breaches can result in fines against individuals as well, not just against the company.
Read on for five ways your firm might be unknowingly breaching GDPR…
1. Not being compliant with current data protection regulations
One of the ways your company might be breaching the data protection act is an availability breach. This is where there is an accidental loss of access to, or destruction of, personal data. It can arise after a cyberattack that prevented the right people from accessing records or destroyed them outright.
This happens when you are not compliant with current data protection regulations, e.g. by not having the right security systems in place.
Payday loan company Wonga fell victim to this (supposedly) in 2017, in an incident which compromised the bank details of 250,000 customers.
2. Allowing employees too much access to sensitive data
As a data protection controller, officer or owner of a company, it is your responsibility to ensure that information is:
- Used fairly, lawfully, and transparently
- Used for specified, explicit purposes
- Used in a way that is adequate, relevant, and limited to only what is necessary
- Accurate and, where necessary, kept up to date
- Kept for no longer than is necessary
- Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction, or damage
This means that you should ensure that only the intended employees have access to sensitive data. Otherwise, your company could be in breach of confidentiality, which is where there is an unauthorised or accidental disclosure of, or access to, personal data.
Supermarket chain Morrison’s learnt this the hard way when employee Andrew Skelton leaked the payroll data of Morrison’s entire workforce, including bank account details and salaries.
This led to thousands of staff receiving compensation pay-outs. You don’t want this to happen to you!
3. Not destroying data that is no longer required
Under GDPR, data must be kept for no longer than is necessary. So, if you or your employees are keeping data that you no longer require, you could be unknowingly breaking the data protection act.
This can lead to further consequences, such as that data being lost or stolen because it isn’t properly monitored or doesn’t have enough security.
In a world that is becoming more and more digital, the catastrophic incident at Brighton and Sussex University Hospital, where 232 hard drives holding the data of hundreds of patients were stolen, hopefully won’t occur again.
However, it’s important to remember to remove data that is no longer in use from the cloud, email, and other locations too.
4. Weak user passwords or sharing password data
Apparently, it takes 62 trillion times as many attempts to guess a twelve-character password as a six-character one, but does your company implement some sort of guide on what employees’ passwords should entail?
There are some shocking stats about passwords. Sharing passwords, writing passwords on sticky notes and using “password” as a password are all big no-nos. If your company isn’t setting secure passwords or guiding employees on password choices, you could be opening yourself up to a breach of the data protection act.
LinkedIn’s infamous breach, which cost the company over three million pounds to resolve, forces us to consider how encryption and passwords keep our data safe.
5. Lack of multi-factor authentication
Multi-factor authentication is one of the best ways to enhance the security of sensitive information. It means that data is less likely to fall into the wrong hands, whether those belong to a disgruntled employee, a hacker, or an employee who shouldn’t have access and stumbles across it accidentally.
Many companies fall victim to data breaches every day, and two-factor authentication makes your systems more secure. Although not a direct requirement of the ICO and other GDPR bodies, it can definitely help to prevent your company from suffering a data breach.
Know how to avoid breaches of the data protection act?
This article has covered five ways that can increase your company’s chances of being the victim of a data breach and therefore opening yourself up to lawsuits. By ensuring adequate security and minimising these five risks you can significantly improve the security of your staff’s and clients’ details, reducing the chance of a nasty shock in the future.
If you have any top tips for ensuring your company is data compliant to avoid a breach of the data protection act, let us know in the comments below.