In today’s digital age, data protection is not just a legal requirement but a cornerstone of trust and reliability in business. For micro and small businesses, managing data protection alongside many other responsibilities can be overwhelming.
In the digital era, where data breaches and compliance fines are a real threat, the need to delegate data protection to a specialist becomes paramount. For small and micro businesses, navigating the complexities of data protection laws such as the Data Protection Act 2018, UK GDPR, and PECR can be daunting. This is where the significance of delegating data protection comes into play.
Here’s why a specialist is indispensable:
Expert Knowledge: Data protection specialists are well-versed in the intricacies of laws and regulations. Their expertise ensures that your business remains compliant, avoiding costly legal pitfalls.
Risk Mitigation: Specialists in data protection are adept at identifying and addressing potential security vulnerabilities, significantly reducing the risk of data breaches and the associated financial and reputational damages.
Focus on Core Business: By delegating data protection, your business can concentrate on its core competencies, which are essential for growth and sustainability.
Cost-Effectiveness: Investing in a specialist is often more cost-effective than managing data protection in-house. It saves resources spent on training and keeping up with evolving legislation.
Customer Confidence: Demonstrating a commitment to data protection through a specialist can significantly boost customer trust and loyalty, as it shows a dedication to safeguarding their personal information.
Why Choose Michelle Molyneux Business Consulting?
Choosing Michelle Molyneux Business Consulting for your data protection needs is a decision that offers both peace of mind and strategic advantage. With their deep understanding of data protection laws and a track record of effectively managing risks, they provide a service tailored to small and micro businesses’ unique needs. Their proactive approach not only ensures compliance and security but also positions your business as trustworthy and responsible in the eyes of your customers. Partnering with Michelle Molyneux Business Consulting means you’re not just meeting legal requirements; you’re elevating your business in the realms of security, trust, and professionalism.
As business owners, we are specialists in our own right. But we do not know everything – no matter how much we Google. Sometimes, it is too time-consuming to do it ourselves, too technical or just brain-numbingly boring. That is when we need to look externally for help, either as a long-term solution or as a short burst of guidance using a consultant. But getting that help can be a project in itself. How do you find the perfect fit?
Businesses get accreditations to show they have met a certain standard within a certain area or sector. Some accreditations include CHAS (health and safety), the Data Security and Protection Toolkit (health and social care) and PQASSO.
The Data Security and Protection Toolkit is a self-assessment that shows commissioners and CQC that you have met a certain level of compliance in data protection.
Where do I start?
One of the hardest parts of getting accreditation is deciphering what the assessors are looking for and then collating it all.
Getting material together for an accreditation can be difficult and time-consuming.
What is Accreditation Support?
We work with a business to go through the accreditation instructions, identify what documentation you need and collate it in a logical way, ready to submit.
What do we do?
We break down the accreditation requirements into:
a list of documents you need
easy to understand questions to be answered to provide evidence
schedule online sessions to ‘blast’ through the questions and collate the evidence, where necessary
complete the questions and upload the evidence provided
We will even help identify what material is missing and support you to create AND implement it in the organisation.
Guarantees
We cannot guarantee accreditation, as this is based on the answers and information provided by the business. Unfortunately, we can’t get accreditations when the information and material are not there. BUT we can work with you towards gaining accreditations.
If you would like to know more, book a free 30 minute chat to see how we could support you best.
Many people think of passwords simply as a nuisance, a barrier between us and trying to access the websites and services we need.
On the other hand, some go the extra mile in creating passwords that are as strong as possible. This can be done by utilising a range of features to keep our accounts safe and secure, whether we use them for business or otherwise.
One approach is definitely better than the other…
Understanding what makes a strong password is essential to protect our data. They are the first line of defence against unauthorised access. However, research clearly shows we don’t always use secure ones.
Reasons for this vary. Many think a short or straightforward password is easier to remember, and having that same password for a range of sites and services can save time.
They are, and they can, but from a security point of view, doing so is a risk that is not worth taking…
Here are some top tips to help you stay secure:
Switch on password protection or other authentication method
If your device has the capability, please use it.
Passcodes and passwords are the first line of defence for stolen or lost devices. Biometrics have made this process even easier, with features such as fingerprints and facial recognition. It is a fast and highly secure way to unlock your device.
Use two-factor authentication
Multi-factor authentication is a method in which the user is only given access to a website or service after presenting two (or sometimes more) pieces of evidence that they are who they claim to be.
So, for example, after entering a username and password, you might be sent a code by text message to your registered mobile device, by email, or through an authentication app or token. You enter that code at the next stage to confirm you are you!
Password management
Many are tempted to avoid longer alpha-numeric passwords, as they are difficult to remember and time-consuming to enter.
Password management applications solve that issue by storing the passwords securely for you (they can even create them, too) and entering them on your behalf when you need to.
This feature is baked into iOS devices, Google Chrome and Microsoft’s Authenticator app. There are also password managers such as LastPass, which store encrypted passwords online.
Don’t be ‘password predictable’
This is by far one of the most significant challenges to overall security online. Scammers, hackers and other cybercriminals are well aware of this fact. It doesn’t always take computing power, just a little background information.
Birthdays, favourite places and pet’s names can all be easily ascertained via social media profiles. When you add in the usual common passwords some of us tend to choose, it isn’t difficult to see why anyone looking to trick their way into your accounts can have a massive range of password options to try.
Many cybercriminals instead use computing power in what are known as ‘brute force’ attacks, where automated software guesses passwords over and over again. It is simple for the cybercriminal but potentially devastating for you or your business.
Here are some ways to avoid being ‘password predictable’:
Always avoid using predictable passwords
Try choosing three random words, but swap out certain letters for symbols, so for example Troutclocklight could be tr0utCl0ckl1&ht
Have your own rule for what letters you take out, what you replace them with and what you capitalise
1t 15n’t t00 d1ff1cU7t, and it is A LOT more secure…
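For anyone who runs a sign-up or password-change form, here is a sketch of a "password predictable" check, added as an illustration and not taken from the original post. The substitution map, the short common-password list and the customer profile are all constructed assumptions. It shows that swapping letters for symbols does not hide a pet's name or a birthday, while the three-random-words example above passes.

```python
import re

# Assumed map of common symbol swaps, undone before comparing.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i", "&": "g"})

# Constructed sample; a real check would load a much larger list.
COMMON = {"password", "qwerty", "letmein", "123456", "welcome"}


def normalise(text):
    """Lower-case, undo common symbol swaps, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def date_fragments(dob):
    """Digit strings people derive from a date given as YYYY-MM-DD."""
    y, m, d = dob.split("-")
    return {y, d + m, m + d, d + m + y, d + m + y[2:]}


def predictable_reasons(password, profile):
    """Return the reasons a password is guessable (empty list if none found)."""
    reasons = []
    plain = normalise(password)
    digits = re.sub(r"\D", "", password)
    if password.lower() in COMMON or plain in COMMON:
        reasons.append("common password")
    # Background details of the kind found on social media profiles.
    for label in ("pet", "place", "name"):
        token = normalise(profile.get(label, ""))
        if len(token) >= 3 and token in plain:
            reasons.append(f"contains {label}")
    dob = profile.get("birthday")
    if dob and any(frag in digits for frag in date_fragments(dob)):
        reasons.append("contains birthday")
    return reasons


# Constructed profile for illustration only.
PROFILE = {"pet": "Biscuit", "place": "Whitby", "birthday": "1984-03-07"}

if __name__ == "__main__":
    for candidate in ("B1scu1t!1984", "P@$$w0rd", "tr0utCl0ckl1&ht"):
        print(candidate, "->", predictable_reasons(candidate, PROFILE) or "ok")
```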
If you need help or advice on making your business be data savvy, why not book a free clarity call? It might just save you time, stress and money in the future!
Data protection is all about the rights of an individual and the systems you need to have in place to comply with the requests that, sooner or later, you will be faced with from the people whose data you may hold or process.
Knowing what those individual rights are will help you to recognise a request when you encounter one. It will also be a big help when putting the policies in place to deal with them within the required time. Familiarity with these eight key rights will also help you record the requests you receive and recognise the importance of handling and transmitting the data safely and securely.
Here is a breakdown of the rights of an individual regarding data:
The right to be informed
The collection of a person’s data and its subsequent use are things they have a right to be informed about. It’s important to provide the following things:
The reasons why you are processing their data
How long you intend to retain it and who you will share it with. (This is privacy information, which has to be provided when you collect the data itself)
The information you provide must be transparent, easy to understand and no longer or more complex than it needs to be
The right of access
Everyone has the right to access their personal data and other supplementary information by making a ‘subject access request’ (SAR). This request can be made to you verbally or in writing by the person themselves or a third party acting on their behalf.
A business usually cannot charge a fee for dealing with a SAR request
They have to be dealt with in a timely way, usually within one month of receiving the request (this can be extended if the request is considered complex)
The data must be disclosed in a secure way
The right to rectification
Sometimes, data held are inaccurate or incomplete; an individual has the right to have it rectified.
This can be done verbally or in writing
Similarly to a SAR request, this must be undertaken in a timely fashion, within one calendar month
The right to erasure
The right to be forgotten is one that everyone has, although there are certain extenuating circumstances when not all data can be deleted. This might be as a result of other legal regulations and reasons.
The right to restrict processing
Whether restricted or suppressed, in certain circumstances, an individual does have the right to allow you to store personal data but not to use it.
The right to data portability
As the name implies, data portability gives a person the right to obtain the personal data you hold about them and reuse it for a different service. That might help them find a better bank, a different GP or a cheaper energy supplier.
The right to data portability applies only to information that has been given to a controller.
The right to object
Everyone has the right to voice objections to their data being used for direct marketing. However, under certain circumstances, companies can continue processing data if a compelling reason to do so can be proven.
You have to inform an individual about their right to object
You can refuse an objection but you need to be aware of the information you have to provide in doing so
Rights around automated decision making and profiling
Automated decision making and profiling eradicates the human element from decision making and evaluating certain things relating to an individual and their data.
Businesses can only carry out automated decision making and profiling under certain contractual, legal and explicitly consensual conditions
The facility to challenge a decision or request human intervention must be in place
Systems must be audited regularly to ensure they are working as they are meant to
For more detailed information relating to the individual’s rights and how you and your business can be fully compliant, visit The Information Commissioner’s Office website, where there is a dedicated breakdown and checklist for each.
Alternatively, reach out via my site for the help and advice of a GDPR specialist.