Is your GDPR failing?
So, you worked hard to complete your GDPR policies, updated your privacy policy and emailed all your clients to confirm their consent. But have you slipped already? Have all your good intentions gone out of the window? Try this little test – tell the truth now!
Score 1 for every ‘FAIL’
- How tidy is your desk? Look around… you get a FAIL if there is anything left out that should be locked away! Are you operating a clear desk policy? A no here = FAIL.
- Do your desktop, laptop, tablet and phone have tough passwords? No shirking here – anyone with no password, or with the password ‘password’ or 1234, has to answer ‘FAIL’ to this.
- Any external drives left out? This includes pen drives and any other little storage devices. Look around – no sneaking these into a drawer. If they are out on your desk then they all count. Get a ‘FAIL’ for every device.
- So, speaking of drawers – are they locked when you leave for the day or pop out for lunch? Really? No cheating. Closed is not locked! You know if you deserve a ‘FAIL’ here.
- Now check your computer/laptop – have you got any big data files lying around? Any emails with data files you should really have deleted or saved to an encrypted space? ‘FAIL’ if you have data in emails, on desktops, or anywhere risky.
- You guessed it... emails – emails are just so dodgy. Have you received or sent any emails with attachments that contain data or content you really should have encrypted? ‘FAIL’ – yep, I think so.
- Almost there! If you are the boss can you really say that your staff understand how GDPR impacts them? Be honest here, sending them an email with a link to the ICO website doesn’t count. ‘FAIL’ – no fibbing just because you are the boss.
- Finally, the dreaded SAR. If you have received any, have you responded to and processed them accordingly? ‘FAIL x 10’ if you answer no here.
So, how did you do?
0-5 FAILS – Not bad, good effort. Fix the fails to stay safe.
6-10 FAILS – Depends on which fails, but definitely needs attention.
11+ FAILS – Definitely needs work. ‘Must try harder’.
If you need any help feel free to contact us at: https://optindigo.com :)
Good luck all.
Engineering Manager at PensionBee
Sorry, Adam... this doesn't do it for me. I understand the sentiment but you've turned this into a prescriptive tick-box exercise. By all means give these as some practical examples of what might or might not be appropriate, but I know plenty of people with untidy desks, unlocked drawers, USB drives all over the show and - shock horror... unencrypted e-mails... myself included. That doesn't mean it's an automatic fail... Data Protection is fundamentally about risk... dumbing it down like this completely misses the point - you should be focusing on the *real* areas of risk... For example taking point 7 could be: "Now Summer's here, you may have taken on seasonal staff or volunteers - or permanent staff may be covering for colleagues and managers that are on holiday. They may not have had the appropriate Data Protection training - so make sure everyone is fully up to speed in their new roles. Also bear in mind that Summer is traditionally the time for scams and fake invoices - so take the opportunity to cover this as well". I appreciate it's difficult if you're not working with organisations directly on GDPR matters, but try to put yourselves in their shoes and you'll come up with something far more relevant.