In this article, we'll be exploring five human errors that your business should avoid in order to stay compliant with GDPR.
Most people will have heard of GDPR at some point in their working lives, but if you haven't, the business you work for could be at real risk of breaching data protection law.
Something as mundane as confidential information sent to the wrong address can attract steep penalties. Since GDPR came into force in May 2018, businesses have carried greater responsibility for protecting company, client and employee data, and the five examples below show how ordinary mistakes can turn into reportable breaches.
What is GDPR?
The General Data Protection Regulation (GDPR) replaced the 1995 Data Protection Directive across the EU (and, in the UK, the Data Protection Act 1998, which gave way to the Data Protection Act 2018 and UK GDPR). It regulates the collection, storage and sharing of personal data.
The law serves to safeguard personal and confidential information, helping to prevent crimes such as financial fraud and identity theft and to protect the vulnerable. The maximum penalty for the most serious breaches is €20 million (£17.5 million under UK GDPR) or 4% of worldwide annual turnover, whichever is higher.
Human Errors Which Lead to Data Breaches
When a data breach occurs, it is usually down to human error rather than a computer glitch. In this section, we'll look at five ways in which everyday mistakes can lead to a breach of GDPR.
• Email
Email is a big part of daily life for most employees and, while it is an extremely useful method of communication, it is also a major cause of GDPR breaches. Phishing, where an email carries a malicious link or a request for information, presents a huge problem for businesses.
This type of error occurs when an employee clicks on a link or shares information in the mistaken belief that the email is a legitimate business matter. Information can quickly end up with criminals who will use it for their own gain.
Another type of email data breach, which happens all too often, occurs when an employee puts every recipient in the To or Cc field rather than using Bcc. Every email address is then visible to every recipient, which is a disclosure of personal data and may have to be reported to the supervisory authority (the ICO in the UK) within 72 hours. To avoid this, businesses should have strict policies on the use of email, back them up with an outbound check that warns or blocks when a message exposes a large list of external addresses, and, if necessary, have the mail gateway rewrite or block links in incoming mail to minimise the risk of accidental breaches.
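As an added example (not code from the original article), the kind of pre-send check described above can be expressed in a few lines of Python. It parses an outgoing message, collects the addresses that would be disclosed to every recipient (To and Cc, but not Bcc), and flags the message when more external addresses than a hypothetical policy threshold are visible. The internal domain, the threshold and both sample messages are constructed for the example.

```python
# Added example: an outbound "exposed recipients" check, the automated
# counterpart of a Bcc policy. Not from the original article.
import email
from email.utils import getaddresses

# Hypothetical policy values; tune these to your own organisation.
INTERNAL_DOMAINS = {"example.co.uk"}
MAX_VISIBLE_EXTERNAL = 3


def visible_recipients(msg):
    """Addresses in To/Cc are disclosed to every recipient; Bcc is not."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return [addr.lower() for _, addr in getaddresses(headers) if addr]


def check_recipient_exposure(raw_message, internal_domains=INTERNAL_DOMAINS,
                             max_visible_external=MAX_VISIBLE_EXTERNAL):
    """Return the external addresses a message would disclose and a block decision."""
    msg = email.message_from_string(raw_message)
    # rpartition handles a malformed address with no '@' by treating it as external.
    external = sorted({
        addr for addr in visible_recipients(msg)
        if addr.rpartition("@")[2] not in internal_domains
    })
    domains = {addr.rpartition("@")[2] for addr in external}
    return {
        "external_visible": external,
        "distinct_domains": len(domains),
        "block": len(external) > max_visible_external,
    }


# Constructed sample: a mailshot to individuals sent with everyone in To/Cc.
MAILSHOT_IN_TO = """\
From: hr@example.co.uk
To: alice@gmail.com, bob@hotmail.com, Carol <carol@outlook.com>, dave@yahoo.com
Cc: manager@example.co.uk, erin@icloud.com
Subject: Pension scheme changes

Please see the attached statement.
"""

# Constructed sample: the same mailshot sent correctly, recipients in Bcc.
MAILSHOT_IN_BCC = """\
From: hr@example.co.uk
To: hr@example.co.uk
Bcc: alice@gmail.com, bob@hotmail.com, carol@outlook.com, dave@yahoo.com, erin@icloud.com
Subject: Pension scheme changes

Please see the attached statement.
"""

if __name__ == "__main__":
    for label, raw in (("To/Cc", MAILSHOT_IN_TO), ("Bcc", MAILSHOT_IN_BCC)):
        print(label, check_recipient_exposure(raw))
```

A real deployment would sit in the mail client or gateway and, rather than silently blocking, prompt the sender to confirm or move the addresses to Bcc; the distinct-domain count is a useful secondary signal, since a long list of addresses at many consumer domains is almost always a mailshot to individuals rather than to one partner organisation.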
• Passwords
Passwords are an integral part of a business's data security. However, in many cases they are not as strong as we may think. A 12-character numbers-only password has only a trillion possible values and is estimated to be crackable in about 25 seconds, which is essentially an open door for cybercriminals.
To avoid breaches happening this way, business owners should ensure that password policies are in place which require employees to use a different password for every system, with a password manager to make that practical. Each password should be long and contain a combination of upper and lower case letters, numbers and symbols to help keep attackers out.
For extra security, employers should consider two-factor authentication, which requires a second factor as well as the password: for example, a code from an authenticator app, a fingerprint or a hardware security key. A code sent by text message is better than nothing, but it is the weakest of these options because phone numbers can be hijacked.
• Unintended Sharing or Publication
On any given day, employees spend a great deal of time switching between personal and professional systems and platforms, and this can lead to inadvertent sharing or publication. For example, sending or forwarding an email to the wrong recipient, or accidentally sharing information on social media.
While most businesses are reluctant to completely ban the use of social media and personal emails at work, it is a good idea to have strict rules in place for these in order to avoid costly errors in sharing. Training employees to be mindful about what they are sharing and when is a great first defence against data breaches.
• Device Sharing
When a friend or family member asks to use your phone or laptop, saying yes is the most natural response, but it is one which could lead to a data breach if the device is used for business purposes. Allowing others to use your work device could result in a malware infection without you knowing.
Employers should implement strict rules on the use of company devices and encourage employees to refrain from letting other people use them. Similarly, employees should be discouraged from downloading anything onto company devices, such as personal documents and software.
Device theft can also be a significant factor in business data breaches, so employees should be discouraged from carrying devices around with them unless necessary. Full-disk encryption, a screen lock and the ability to wipe a device remotely mean that a lost or stolen device does not automatically become a reportable breach.
• Incorrect Permissions
When setting up business systems, one or more employees will usually be responsible for assigning permissions, i.e. telling the system which users may access which data. When an error is made while entering permissions, this can have serious consequences for data held by the company.
Permissions should follow the principle of least privilege, granting each person only what their role requires. Employees responsible for assigning them should be monitored closely, and a buddy system, where each change is checked by a colleague before it takes effect, is useful here to minimise errors. Periodic access reviews that compare the permissions actually in place against the approved list catch the mistakes that slip through.
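As an added example (not from the original article), the access review just described can be automated as a comparison between the grants actually configured on a system and the grants implied by each person's approved role. The role matrix, the user-to-role mapping and the sample export of live grants are all constructed for the example; in practice the live grants would come from an export of the system's user list.

```python
# Added example: compare live permission grants against an approved
# role matrix to find mistakes made when permissions were entered.
# Not from the original article.

# Constructed approved access matrix: role -> set of (system, permission).
APPROVED = {
    "payroll-clerk": {("payroll", "read"), ("payroll", "write")},
    "recruiter": {("hr-records", "read")},
}

# Constructed record of who holds which role (from HR, not from the system).
ROLE_OF = {"alice": "payroll-clerk", "bob": "recruiter"}


def expected_grants(approved=APPROVED, role_of=ROLE_OF):
    """Every (user, system, permission) a person should hold given their role."""
    return {
        (user, system, perm)
        for user, role in role_of.items()
        for system, perm in approved.get(role, set())
    }


def review_grants(live_grants, approved=APPROVED, role_of=ROLE_OF):
    """Return grants nobody approved ('excess') and approved grants missing ('missing')."""
    expected = expected_grants(approved, role_of)
    live = set(live_grants)
    return {"excess": sorted(live - expected), "missing": sorted(expected - live)}


# Constructed export of the permissions actually configured. Two mistakes:
# bob was given payroll write instead of alice, and a leaver still has access.
LIVE_GRANTS = [
    ("alice", "payroll", "read"),
    ("bob", "hr-records", "read"),
    ("bob", "payroll", "write"),
    ("mallory", "hr-records", "read"),
]

if __name__ == "__main__":
    findings = review_grants(LIVE_GRANTS)
    for kind, grants in findings.items():
        for user, system, perm in grants:
            print(f"{kind}: {user} {perm} on {system}")
```

Every line in the "excess" list is either a typo, a leaver whose account was never removed, or a grant that was never approved, and each is something the buddy check or a quarterly review should pick up; the "missing" list is less of a security problem but usually points at the same entry error from the other side.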
Closing the door on data breaches…
The inadvertent sharing or publication of personal details has always been a problem but, in the age of GDPR, it can turn out to be an expensive one for businesses, both financially and in terms of reputation.
Having protocols and guidelines in place to help prevent data breaches should be standard for businesses in 2022, and educating employees in these best practices can help to keep your business safe from legal action.
Please be advised that this article is for general informational purposes only, and should not be used as a substitute for advice from a trained legal professional. Be sure to consult a lawyer/solicitor if you’re seeking advice on GDPR matters. We are not liable for risks or issues associated with using or acting upon the information on this site.