In the last couple of years, how we work has changed immensely. We now want to work in a more hybrid way or work from home more often. Virtual working is in high demand, which means data protection and privacy need to be a high priority.
There are some things that organisations need to implement for the safety of the business and their clients.
Working from Home
As working from home becomes increasingly common, it is essential to ensure that proper data protection measures are in place. Team members must take steps to secure confidential and sensitive information. This will include using secure networks and passwords, encrypting data, and limiting access to work devices. That means work devices should only be used for work purposes by the appropriate person. A work-issued machine should not be shared with others in the house.
Businesses should also provide clear policies on data protection and train their employees on best practices. Regularly backing up data and conducting security audits can also help mitigate data breach risks while working remotely.
Shared workspaces
Co-working offices have become increasingly popular over recent years way to working virtually. They offer individuals and small businesses the opportunity to work from a shared workspace. However, with this trend comes unique challenges related to data protection. Co-working spaces often involve using common areas, such as shared printers and wifi networks. This can potentially expose sensitive information to unauthorised parties.
This may account for the results of a survey by Veritas Technologies which stated that 74% of companies experienced data breaches at co-working spaces.
We are not saying co-working spaces are unsafe and should not be used. They are a great place to work. But, it is essential when working in a co-working space to implement additional data protection measures, such as encrypted networks. The easiest way to do this is to use a VPN on your device.
In fact, with VPNs, I would use one whenever using an external wifi source to protect your data and access from others.
In addition, users of co-working spaces need to be conscious of the work they are working on and what can be seen by others. You are in a public area, and someone could look at your screen over your shoulder.
Additionally, co-working space users need to be diligent in protecting their data, such as using strong passwords and avoiding public wifi networks. With proper measures, co-working spaces can protect their users’ data.
Bring your own device
In today’s digital age, Bring Your Own Device (BYOD) policies are becoming increasingly common in workplaces, which can pose a challenge to data protection.
As team members use their personal devices, it cannot be easy to ensure that sensitive information is not compromised. To address this issue, organisations can implement security measures such as encryption, multi-factor authentication, and remote wiping capabilities to protect data on personal devices. It is also important for team members to receive training on data security and for clear guidelines to be set regarding using personal devices for work purposes. By taking these steps, organisations can better protect their sensitive information and reduce the risk of data breaches.
There is a theme running through each of these sections: cyber security, which is not limited to the above.
Cyber security
As more people are working remotely, cyber security has become increasingly important. Working virtually can leave individuals vulnerable to cyber attacks. As a result, it is important to have secure connections and to use strong passwords to protect sensitive information.
The first thing that needs to be checked/verified is that the set password for the router has been amended, as has the login to the router. They may look like a unique password on the base of the equipment, but they still need changing.
Additionally, when working from home, caution should be given when clicking on links or downloading attachments from unfamiliar sources. Training should be sourced and provided to employees. If you work with freelancers or sub-contractors that access your systems, you must ensure they have completed training.
Where possible, resources and lessons learned should be shared to ensure their remote employees are aware of potential threats and are taking the necessary precautions to keep company information safe.
If you have any questions about supporting your business and team to work safely and compliantly virtually, or if you would like support applying for Cyber Essentials, why not book a free 30-minute call to see what we can do?
Running a business in today’s world can seem to some like an endless battle to keep things afloat. Markets change, customer habits evolve, and goalposts shift regularly.
It is worth seeking every bit of help you can get, and the good news is, it’s all out there, just waiting to make life a little easier and save you precious time, resources, and money.
Finance software
A common issue for small to medium enterprises is the occasional need for specialised financial know-how. Accounting software packages, such as Quickbooks or Xero, can solve that problem. They allow you to customise invoices, accept payments, manage tax, and run payroll through a simple interface.
Users can also file VAT directly to HMRC in the UK, saving around 8 hours per month and a lot of stress.
Customer Relationship Management
CRM software can handle sales and marketing with a level of efficiency that a small business might struggle to match otherwise. CRM automation helps a business manage interaction with potential customers, plan and manage marketing, and maximise sales opportunities.
CRM can give businesses a new level of automation and a real advantage over their competitors.
Microsoft Office
It is much more than Word, Outlook, and Excel. Throw in calendars for diary management, Teams for remote working, and lesser-known apps such as MileIQ for tracking expenses, To Do for comprehensive task management, and Bookings for any business relying on appointments, to name just a few.
Office is full of potential for every business; getting the most out of it takes time.
Social media
An engaging, authoritative presence on sites such as Twitter, Facebook, or Instagram can do so much to earn authority and drive people to a company’s site or services, but how many do it when things get busy elsewhere?
Automation is one possible answer. Social media management tools such as SocialBee and PromoRepublic let users plan content and publish it when they choose.
Blogs
A website can benefit massively from a blog. It can be a place to showcase new products and services, identify an audience’s problems and provide solutions. Baudience’slso the perfect tool to drive people to your e-commerce pages and help you climb the search engine rankings.
Many SMEs rely on freelance writers and virtual assistants to keep their websites full of engaging and meaningful content. Then, they use tools such as Missinglettr to create up to a year’s worth of social posts from a single piece.
An easy and effective way to direct traffic to your site while you might be busy doing other things.
Planning software
When looking at planning software, we need to think of a few things
It’s usability
The interface
IntegratiIt’sCost and value for money
The key features you are looking for are
planning and scheduling
task dependencies
Project timelines, calendar views and roadmaps
Task management
Collaborations and communication features
Budget planning and tracking (by project)
Client Portal
It really depends on the business’s needs. Do you want an all-in-one business tool or just a planning/task tool?
The list is endless in this section. Some big names have used the planning software as the base for their collaboration and ‘all-on platforms’. These include Avaz ‘, Click-up, Flow’u, Monday.com, and Plutio.
But if you are looking just for a planning tool, then you also have Microsoft Planner, Asana, and Trello. Microsoft Planner can be used on its own or included in Teams to be a collaborative tool.
Instant chat
We are now all familiar with tools such as Microsoft Teams, Google Hangouts, and Zoom, which have gone from occasional use to vital business tools in under a year. It is also worth noting that tools such as WhatsApp have an engaged user base in the region of 1.5 billion users; that is quite a bit of potential for any business.
But there are the chat/pop-ups on your website, such as Birdseed.io
Websites and Graphic design
Every business with an online presence relies on the quality of its website to match the quality of its products and services. Still, is it necessary to invest (often heavily) in a specialist web designer?
Sites like Wix and WordPress give users all the templates, tools and simple interfaces they need to create eye-catching, quality-hosted websites for a much more modest annual investment.
They also offer to work with their teams to build better sites and maximise the SEO tools.
Summary
There is no list or set of tools that will fit every business. The tools we use and how we use them can be as individual as the business.
But as a business evolves, so do the tools. It is essential to audit the business to see what is being used. It is common to find individual departments using different providers for the same tool, e.g., Mailerlite and Mailchimp. This risks duplication of data and an increased risk of data breaches, but it also increases costs.
*Please note that clicking on a link from this page will send you directly to the product’s website, where we may earn a small affiliate payment for any purchases you make. Check out the resources page for more details.
Privacy management can be a contentious issue. Isn’t it the business’s data when I have it? The data is out there, so why can’t I use it? Why should businesses care about the management of data and privacy?
History
The Universal Declaration of Human Rights in 1948, has one of the earliest statements towards the right to an individual’s privacy.
That was over 70 years ago, and the rights of an individual, in relation to privacy, are still being defined and redefined; 1973 and the first Data Act, in Sweden. The 1998 Data Protection Act in the UK and then, subsequently, the 2018 General Data Protection Regulations (GDPR), led to countries around Europe updating their own data protection laws.
Businesses have adapted and changed in 70 years, especially with the advancement and speed in technology. Hence the changes and updates in legislation, especially in relation to information sharing.
Privacy conflict
Businesses need data to run their businesses. Ideally, many businesses would say, they need to gather information to contact prospective clients and use that data as they want within their business. Look at the big tech companies, like Meta, Google and Amazon, who rely on the collection and ‘reusing/distributing’ of data as a fundamental cornerstone of their business. The selling of data can be a considerable income stream.
It is no wonder that businesses, no matter how big or small, have difficulties with privacy; especially when you have to balance the needs of the business with the needs of the individual. The individual has rights!
And there is the conflict. Many businesses argue either the information is out there or that the person has given it to them, so why can’t I use it the way they want to?
Good data management is good for business. Having everything in place can mean that things run smoother, and ore importantly, it can help reduce costs (especially in relation to software).
Who’s data is it?
GDPR set out to clarify the importance of privacy and data security. More importantly, it determines who the owner of the data is. The individual owns the data, and not the business. Businesses are, in effect, custodians of the information held by a living person. As a result, they have to follow the principles of the regulations.
Lawfulness, Fairness and Transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality
Accountability
In short, that means that businesses need to
Identify the legal reason for collecting and storing the information AND have a way of informing the individuals.
Ensure individuals’ rights are protected and acted upon.
Only use the information for the purpose it was collected. This means we can not collect information and then use it for whatever reason we want, regardless of it being in the public domain.
Only collect and store the bare minimum we need for the minimum amount of time we need to store it
Ensure that the information we keep is accurate and if not correct it
Ensure that the data is not lost or destroyed
Being able to show compliance with the legislation.
Managing privacy
Saying we are data protection compliant is not enough. Businesses need to prove it. Some key areas to look at are
Know your data
Map out what data you collect, save and keep; for what reason, and where it is.
Only use it for the purpose collected
One example of this is, networking contacts can not be added to your email marketing or send sales emails. They consented for you to have their details; they did not consent for you to add them to your email marketing
Keep it up-to-date and accurate
Account status, contact information, and payment history.
Assess, review, and update
Assess what documentation you have and need
Review for updates and changes in practice
Look at trends in data security
Secure it
Ensure that physical material is locked away securely
Ensure digital devices are secure and backed-up
Training
Train your staff on what is data protection, and IT security
Have policies and processes in place, so they know what to do
Keep records
log incidents and lessons learned
keep records of equipment, software
risk assessments and DPIAs
Sounds complicated?
It doesn’t need to be complicated. Help is at hand. As a data protection specialist, I am here to support and assist with your data protection woes. Why not get in touch?
If GDPR and compliance are a concern for you or your organisation, don’t worry. Taking all the different aspects in at once can (and probably has) caused everyone to feel a little overwhelmed at some point. But it doesn’t need to. Here are the five tips to know about and why they matter.
Transparency
When it comes to GDPR, transparency is a fundamental principle. The reason why that’s the case is simple. It gives individuals as much control over their data as possible and facilitates their rights.
Control and rights are both fundamental underpinning principles of GDPR.
How does a company demonstrate transparency? The content of privacy notices is a good start. Good, compliant examples include
the contact details of the company;
if required, the Data Protection Officer,
the purpose and lawful bases for processing the data
and the categories of personal data you hold to name a few.
Mapping your data
Data mapping confuses some, but its principle is relatively easy. Mapping your data means establishing what information you hold and exactly how it flows through your company. This type of audit (also known as a mapping exercise) should be performed regularly by assigned individuals.
Doing so ensures it is maintained and amended as needed by a person or persons who are aware of their responsibilities.
Reporting breaches
Breaches can unfortunately happen, and on a long enough timescale, something similar to the list below probably will.
Data breaches can take many forms, such as:
Device loss or theft
Phishing scams
Hacking
Lost or stolen external USB drives
Breaches can also result from carelessness or lack of awareness, such as unattended computers and, especially recently, working from home on unauthorised personal devices and unprotected networks.
Reporting breaches of personal data have been mandatory since before the GDPR came into force. It just became more visible,, and the assessment for reporting changed. The Information Commissioner’s Office has a dedicated section for more information about breach reporting.
Knowing your subject’s rights
Data subjects have a wide range of rights relating to the data you hold about them, making it essential to know why you are processing the information you hold about them.
Data subjects have some or all of the following rights:
The right to be informed (Including why you are processing their data, how long you intend to retain it and who you might share it with.)
A right of access (Typically referred to as a Subject Access Request or SAR which must be dealt with in a timely way.)
The right to rectification (If the subject feels their data is incomplete or inaccurate.)
A right to erasure (Also known as the right to be forgotten, sometimes for legal reasons this may not always apply)
The right to restrict processing (In certain circumstances, an individual as the right to store their data but to stop you using it.)
A right to portability (The right to obtain their data and reuse it for another purpose or service.)
Being accountable
For both controllers and processors, demonstrating compliance and putting measures in place to meet the requirements for accountability will mitigate the risk of enforcement action. Still, it will also build trust in your business and its services and raise you above the competition.
For help and advice around transparency, avoiding breaches, mapping the data you use, subject’s rights and accountability, get in touch today; I’d love to offer you help and advice in the field I specialise in.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
