Welcome to the first part of our new monthly theme – this February, we want to Be Better at the Basics!
This week, we’re tackling something that’s been affecting loads of workplaces this Spring – the introduction of GDPR.
Personal data is on everyone’s minds at the moment, with the new GDPR legislation on the horizon and big fines on the way for businesses that don’t comply.
Here at Office Needs, we’re in the same boat as a lot of businesses – working our way through all the guidance to double check that we’re compliant with the new changes, and making sure our best practice is even better in 2018.
We read a great quote recently from Rowenna Fielding (@Missig_geek) which we thought was incredibly useful for working our way through it…
The General Data Protection Regulation (GDPR) is a new regulation intended to strengthen data protection for all individuals within the EU. When it comes into force on May 25th, it will be a big change for many companies in the way they handle data. While many businesses already have good data protection practice at the heart of their company policies, sometimes it’s easy to forget the simple steps you can take to improve security and keep your company compliant at every level.
Our favourite tip for helping everyone in your organisation through GDPR is simple, and comes courtesy of Rowenna Fielding (@Missig_geek) in this article:
“Forget ticking ‘compliance’ boxes and start treating personal data the same way your organization treats money – know where it comes from, who’s using it, for what, where it’s kept and where it goes. Then compliance – and good customer experience – should come naturally.”
So how might we put this into practice?
1. Know where your data comes from
We assume you wouldn’t let employees collect piles of unrecorded cash from customers – so why let unrecorded data float around?
Talking to your team about all the ways they collect information will help you identify all the entry points for personal data in your organisation. For some businesses, there aren’t too many of these, but just remember that every time someone phones up and their details get scribbled on a note – that’s data!
Finding all the entry points will then help you with step two…
2. Work out how it travels
When it comes to money, businesses are usually pretty good at knowing all the places it will move to, and how secure they are. But when was the last time you worked out the full life cycle of your customer data?
Working out its direction of travel is an exercise best conducted with your whole team – check who sees what, where they save it, how they use it, where it’s backed up to, when it gets reviewed and how it gets destroyed.
Once you have a full map, you can start amending your processes to double check you’re all ready for GDPR.
3. Check who has access
Lots of organisations now have cloud-based sharing software, and like team members to be able to access each other’s files. While that’s very convenient, it’s incredibly important to keep an eye on who can access what. And while it might seem like a good plan to lock those files down with a basic password that everyone can remember (Password123, anyone?), you wouldn’t do it for your money, so don’t do it for your data.
Don’t forget, if you have team members who need to move data around offline, you can still benefit from password protection. Encrypted hard drives and pen drives are a great way to ensure that if a drive ever gets left lying around in the office (or much worse – on a train!), you can prevent unwanted access with a password. And with some drives, if the wrong password is entered too many times, the data is erased. Much safer than a normal drive!
If you deal with cash, you’re probably used to moving it safely between cash boxes, tills, safes or other secure repositories until you can get it to the bank. But are you treating your physical data with the same respect?
Having secure places for your physical copies of data to go is crucial. It’s also not as hard as you might think – adding a lockable pedestal to your desk setup means you can safely hold all your files without needing to find space for a full filing cabinet.
Plus, when it’s time to destroy that data, there are now loads of great options to shred securely, even if the physical asset is a CD! Investing in a good office shredder could be the perfect way to bring your data destruction policies up to date, or if you have large volumes to regularly destroy, consider using a dedicated shredding service to take care of it securely.
That’s all from us for this week. We hope this tip helps you too as you prepare for GDPR! If you have any other advice that might help out fellow readers, why not share it with us on social media?
Until next time, have a safe, secure and productive week!
Join us next week for a Valentine’s Day themed Part 2 of ‘Be Better at the Basics’!