Security and Data Protection: not just for your IT team
When speaking to other business owners or top level managers, I am frequently surprised by how few of them REALLY know the details about how their security, infrastructure, and data protection policies are configured or implemented.
They say that they “leave it in the hands of professionals” or “our IT people are handling it.”
Really? In this day and age?
With GDPR hovering in the wings, there is no better time to get yourself informed about what you SHOULD be doing with security, infrastructure, and data protection. Because if you fall foul of these new regulations, it won’t (only) be the IT folks who pay the price.
It will be you and your business as a whole.
“But we’re not a tech company!” I hear you cry
It really doesn’t matter. You hold personal data on your customers (think both people and companies), as well as the people who work for you.
You know their names, email addresses, and telephone numbers. Simply put that’s personal data! That has to be protected under the new regulations.
And all businesses, no matter what industry they’re in or how tech-savvy they are, will be held accountable.
Now I’m not saying I’m perfect
We recently achieved Cyber Essentials PLUS certification and even I was surprised by some of the things that I had not recently considered.
Luckily, like so many of you, the vast majority of these had been considered and catered for by our fantastic team. Any omissions could be fixed with very small procedural changes.
But again, I consider myself well informed about these things, and we still had some changes that we needed to make. There were still bits of information that I needed to learn.
My advice?
Talk to your team, learn the things you don’t know. Really take some time to engage.
Find out your responsibilities, patch the gaps you didn’t know you had.
Start today, the deadline for GDPR is 25th May…you need to be ready for it.
P.S. Remember its not just the potential of crippling fines that we should be focussing on, as business leaders we need to be mindful of any reputational damage that getting it wrong or not being fully informed could bring.