Whether you are a start-up or a large organisation, data privacy is important as web threats and data theft cases rise. The risk of data breaches can be significantly reduced with the appropriate safeguards in place, and ensuring proper security and data capturing procedures is key.
So, in light of Data Privacy Day on 28th January, we’ve put together some practical advice for your organisation to keep its data safe and secure.
We can’t stress enough how important it is to have a unique password for sensitive data accounts such as email, banking and cloud service accounts, if not for all of your accounts. Best practice is to combine three random words and include numbers and other characters too. Encrypting internal spreadsheets that include sensitive data with a password is also good practice, as it reduces the risk of that data being accessed if it is stolen.
For added security, we would recommend using multi-factor authentication on all high-risk accounts, such as banking or website logins. Using an app, such as Google Authenticator, is best practice, but SMS or email is also better than not having it at all.
If you have an ecommerce website where customers enter sensitive data, such as credit card information, then be extra vigilant when adding plugins to the site. The newsworthy data breach at Ticketmaster, who had their customer credit card data stolen via a chatbot on their checkout page, is a lesson for us all to be extra cautious when implementing new website features.
The GDPR became law over two years ago, and whilst many of you will know the ins and outs of data processing and storage, it’s important to regularly review the data you’re collecting and ensure there is a valid reason for collecting it.
Ensuring your organisation’s network is secure from a cyber-attack is another key aspect of data privacy. Embedding best practices from ISO27001 or Cyber Essentials will reduce the risk of data theft.
We would recommend Cyber Essentials as a minimum for keeping your organisation cyber safe, and if you process sensitive data then you may want to consider complying with the ISO27001 standard for Information Security Management.
Data breaches can have serious consequences for an organisation, from fines to loss of reputation. Putting in place the proper processes and security measures for data privacy is key for business continuity. For more information on data privacy, GDPR, UK Data Protection and Cyber, click the links below to read our simple guides, which offer helpful advice and access to our free implementation documents.
CertiKit is a provider of ISO toolkits, consultancy and internal auditing services, and has helped more than 4000 organizations worldwide with their compliance.
For more guidance on implementing the ISO standard of your choice, go to our guidance pages where you can find more specific information about each standard and more downloadable resources.