GDPR and Restoring Trust

Two interesting statistics to lay side by side:

93% of adults say that being in control of who can get information about them is important.

75% of adults in the UK don’t trust businesses with their personal data.

The public does not trust businesses to look after something that they really care about. This is a problem.

“Imagine if 75% of us didn’t trust business to be honest about pricing, or to keep their own service agreements. We’d say something fundamental had broken down,” commented Elizabeth Denham, Information Commissioner, in a speech that outlined the rational for GDPR and some of the things the regulation hopes to achieve.

Price vs Cost of Data Storage

The cost of a terabyte of storage is plummeting at an exponential rate. The low capital outlay means that companies have got used to keeping more data than they need, for longer than necessary. The cyber attack on telecoms firm TalkTalk exposed 150,000 customers’ names, addresses, dates of birth, phone numbers and email addresses and 15,000 peoples’ bank accounts. Many of these details had first been collected by a pay-tv company Tiscali a decade before.

TalkTalk was hit with a record fine in 2016 for data breach - £400,000. Post GDPR, the ICO penalty would be up to £17 million or 4% of global turnover. This would be in addition to the £60 million the company said the breach cost it in terms of additional security and other business costs. 180,000 subscribers took their business elsewhere following the hack. What the TalkTalk event showed us is that the price companies can pay for data storage can be infinitely higher than the price they initially pay.

Confidentiality is Key

At Techbuyer, we have always known that confidentiality is vitally important to our business. Many of the businesses we deal with are shy when it comes to any kind of publicity. We have always made client privacy a priority. Our employees handle individual accounts, meaning that there is always one point of contact for each company. Firewalling our business processes in this way has been prepared us well on the journey towards GDPR compliance.

Techbuyer’s business covers the whole spectrum of GDPR, from direct marketing and database management right through to data wiping the 10,000 hard drives we process every month. Designing the correct systems, writing new procedures and policies that would cover every department took 1000 hours over three months. We tried to keep our strategy simple, in keeping with the advice on our article Help! Am I GDPR Complaint? At the heart was a simple philosophy: minimise the data we hold and minimise the number of people with access to it.

A simple approach

The more sensitive information an organisation shares between employees, sites and departments, the more protocols it has to put in place to protect the information. Background checks, security clearances, multiple passwords and the like all take up time and money. We take the path of least resistance. For an idea of how this works in a broad sense, we work on the premise that each department only needs access to the information that directly relates to the workload and security is improved automatically.

We couple this approach with regular assessments of what data is held and whether it is still necessary. The idea is that the more streamlined the system is, the easier it is to defend against malicious attack and accidental leaks. A company like ours relies on strong relationships with our customers, suppliers and employees.  Trust has been a core pillar of our business since the beginning. GDPR for us was about codifying this in as straight-forward a way as possible.

For some simple, readily available tools that will help towards GDPR compliance, check out our article 18 Practical Tips for GDPR compliance