Archive for April, 2017

A quick guide to GDPR and what you should be doing about it

Wednesday, April 12th, 2017

What is the GDPR?

Firstly, the GDPR affects every business that holds personal information on anyone, be they employees, customers or suppliers. It is a rare business that does not hold a list of personal data of some kind, on or offline.

The General Data Protection Regulation (GDPR) is a legal directive from the European Union for the protection of such personal data. It seeks to address the inconsistent data protection laws currently existing throughout the EU’s member states. Despite Brexit, the UK is still bound by this new law, not only because the UK has chosen to be (because it makes sense) but also because trading with countries that operate under GDPR will be compromised if we don’t uphold the same standards.

What’s the big deal?

Failure to comply with GDPR could mean you risk being fined up to 4% of your company’s global annual turnover. Not only could your business suffer financially but you could also damage your reputation and credibility – who wants to do business with an organisation that doesn’t prioritise its clients’ security?

So begins the 12-month countdown…

What should you be doing?

You must:

  • Keep a record of data operations and activities and consider if you have the required data processing agreements in place
  • Carry out privacy impact assessments (PIAs) on products and systems
  • If applicable to your organisation, designate a data protection officer
  • Review processes for the collection of personal data – do you ask permission? Many CRM systems encourage a dual confirmation (which is why you are asked to click a link in an email after registering with an organisation)
  • Be aware of your duty to notify the relevant supervisory authority of a data breach
  • Implement ‘privacy by design’ and ‘privacy by default’ in the design of new products and assess whether existing products meet GDPR standards

What else could help?

  • Educate your staff – and explain the implications
  • Set up internal systems for reporting a data breach
  • Make sure you extend your GDPR preparation to include any third parties who may have access to your data
  • Ensure you extend the policies to cover everything you store, both offline and online
  • A really powerful solution that we recommend is to use a secure client portal and NEVER use email to distribute information of any kind. A secure portal like docSAFE means data doesn’t leave the portal but can be accessed by authorised people only

And if you don’t?

There is a two-tier fine system that will kick in from May 2018. Tier 1 means that if a serious data breach occurs, putting data at risk, you will be fined up to £17.25m or 4% of the previous year’s annual global turnover – whichever is greater. Tier 2 can lead to fines of up to £8.6m or 2%, whichever is greater.

How can we help?

Talk to us. We are experienced in identifying the areas of your business that are vulnerable and need addressing for GDPR purposes. Not only that but we know how to implement layers of security for your business that go beyond government legislation. We care about protecting your reputation and credibility, especially for those in the professional sector whose business relies on discretion, the handling of sensitive documents and client protection.

Can you be too secure online?

Tuesday, April 11th, 2017

No, of course not. Online security extends to your website, emails, social media and so much more. At Online Practice, when we are developing software and systems such as docSAFE (our established client portal), security is our number one priority, surpassing functionality and appearance every time. Why create something that is amazing if it’s not secure?

Our layers of security include QR codes, two-factor authentication, encryption and, of course, the HTTPS certification that is currently being pushed hard by Google (see our other blogs for more about this). We believe that a secure site, layered with several other security measures, is the most powerful deterrent against hackers. And we can’t stress enough that hackers don’t just target the big boys – they have strong motivation to hack into any site.

We offer unique QR codes alongside online signatures to strengthen security at every level. QR codes are not new, but in the fight against online fraud and hackers they are being used increasingly as a way of increasing the ‘uniqueness’ of an online signature. We encode the security data within our QR codes, not in the signature or date, so it is tamper-proof.

Ask us for more information, we are happy to share our knowledge!

Here’s why email is not secure…

Tuesday, April 11th, 2017

We all know of instances where emails are sent to the wrong person. In most cases, this can be simply excused by human error and we move on. However, occasionally, and of course to journalists’ delight, it creates headline news as vast numbers of personal details are exposed or documents are leaked to huge detriment.

But have you ever considered why email is not secure? Well, when an email leaves your inbox to wing its way – in an instant – to its intended recipient, it travels through an unknown number of servers. The point being, you don’t know who has access to those servers.

It is possible, to a degree, to encrypt email contents before they leave you, with the encryption remaining in place until the email reaches the recipient. This is a good solution, but there are still some issues around the security levels of your recipient. This is why we advocate the use of one or more additional security levels – we provide QR code security, dual-factor authentication and a number of encryption solutions.

Above all, we recommend avoiding email for sensitive information and, instead, using a secure client portal – a sort of ‘pigeon hole in the sky’ where you can safely deposit documents that can only be collected by the intended recipient.

Talk to us; together we can make sure you are communicating as securely as possible.

Take the next step, call us today
0121 794 0685