Since it came into force over a year ago, GDPR is beginning to bite. The UK’s Information Commissioner’s Office flexed its GDPR muscles and hit British Airways with a record $235 million fine. It also intends to fine Marriott Hotels £127 million over its loss of 383 million customer booking records.
In France, Google was hit with a $57 million fine for mishandling user information in its advertising business, and a $400 million judgment was passed against a real estate company for improperly handling surveillance camera data. Spain’s soccer league, La Liga, received a $280,000 fine for the misuse of its mobile app’s microphone.
In Germany, a police officer was fined $1,500 for looking up a driver’s mobile number by using their license plate information and calling them for personal reasons. Germany’s regulator has been the busiest handing out fines for the following misdemeanours among others:
- A clinic which accidentally handed over a copy of a severely handicapped person’s ID card to the wrong patient
- Bank customers being able to see bank statements of third parties in online banking
- Nuisance advertising emails
- A fire department recording all incoming and outgoing calls rather than just emergency calls
One of the German regulator’s largest cases was a €20,000 fine for a social media company, knuddels.de. Email addresses and passwords of around 330,000 users were stolen and published by a hacker; the company didn’t encrypt customer passwords.
Small businesses and GDPR – millions are unsure
So how are small businesses faring with GDPR compliance? GDPR.EU, an organisation funded by the EU to help small and medium businesses meet GDPR needs, surveyed 716 small businesses in Spain, the United Kingdom, France, and Ireland.
It discovered that out of 23 million small businesses in Europe, over half felt they were fully compliant, leaving millions more either not compliant or unsure whether the steps they had taken ensured compliance. It also discovered that:
- Many business leaders are confused about basic data security concepts, like encryption. When we asked whether they used end-to-end encrypted email, about two-thirds said yes. But when asked to identify the service, only about 9% named an established encrypted service.
- Some respondents said they did not believe regulators would impose penalties against small businesses. But many more said their main reason for complying with the GDPR was to avoid fines.
It’s easy for small companies with an endless stream of things ‘to-do’ to see GDPR as a burden. GDPR regulators across Europe do recognise that small businesses have fewer resources and pose less of a risk to data protection. As such, they may be more lenient towards any form of non-compliance. But that doesn’t let small offices off the hook.
- GDPR law to one side, responsible data handling is a basic principle of good business upkeep. If a small business recognises that its data housekeeping is not the best, has it also considered how it would explain a data breach to trusted customers?
Common reasons for data loss
There are many reasons why a small business can lose business data, ranging from some type of disaster, such as fire or flood, to hard drive damage and corrupted software. However, the most common reasons for data loss are device theft, insider or hacker theft and malware. Yet ironically these are the easiest to guard against:
- Protecting against insider thefts can be achieved by enabling different levels of data access permission for employees.
- If employees store or access sensitive information on portable devices, there should be a means of remotely wiping data from those laptops, tablets, and smartphones.
- Appropriate anti-virus software ensures protection against malware as long as the anti-virus constantly updates and regularly runs scans to catch viruses before they can seriously damage the company’s devices.
Robust protection, simple management
BullGuard Small Office Security is an all-in-one solution that addresses these issues. Unlike comparable products, it is incredibly simple to use and manage.
Workstations, laptops, and smartphones are covered by multi-award-winning protection against all types of malware, including ransomware, malicious websites and deadly zero-day threats.
Importantly, designed specifically for small offices, all protected devices are centrally managed from a cloud portal. This means remote commands such as device scans, updates, device disabling and enabling, removing quarantined files and restarting Windows devices to remove infections, can be simultaneously applied to all relevant devices.
For Android devices, remote lock, locate, wipe or scream commands can be sent if a device is lost or stolen. Group settings can also be remotely applied to devices, appropriate to users’ roles and tasks, for instance, limiting access to specific data.
There’s a lot more to BullGuard Small Office, and you can check it out here. But it certainly helps protect customer data and, in turn, meet compliance requirements by protecting against data theft and loss.