Are you a Guardian of your Galaxy?
Posted on 16th January 2019 at 11:35
We were asked recently whether we thought cyber crime will continue to grow.
Without hesitation we said, “Yes, and it will continue to do so.”
Why were we so sure?
We continued without a pause: because we continue to accept no responsibility for our actions and think that it will never happen to us.
We may have started our business out of choice or following a difficult situation. We did, however, all start a business with an idea, an idea that we were certain would create something that would fulfil us and make money for us, our families and our staff.
If things go well, our company will go from strength to strength, and therein lies the problem.
We are sure that by this stage you may think that we are suffering from madness and delusion in stating that a company increasing in strength and profitability is actually a concern.
As any business grows…
We gain more customers.
To serve the customers, we increase our staff.
To manage the increase in staff, we increase our infrastructure.
In every situation…the data within our organisation increases…
Data can come in many types:-
o Customer data, Staff data, Supplier data or Company specific data.
Data can take many forms:-
o Informational, Transactional or Maintained.
Most importantly, your data may not necessarily all be in electronic form.
The data contained within your organisation isn’t your data; you are simply a guardian of the data. This is reflected particularly by GDPR (General Data Protection Regulation).
So why is this important?
For any organisation, GDPR determines the way in which data should be created, managed and stored within the business.
GDPR also determines how long data should exist and, most importantly for this article, that when it is time to remove the data from whatever media it is stored on, the data is removed securely, beyond question and without compromise.
For many years it has worried us that the care and attention given to selecting new technology for our businesses is never transferred to considering how we will dispose of the old.
It’s only natural that we get excited to take a new computer out of its box, unpack a new server to make accessing our database quicker, or finally move out the filing cabinets, rediscovering the space they took up now that all of our records have been computerised.
It has always been our responsibility as “Guardians” of the data within our organisation to take as much care over its proper destruction, ensuring the privacy of the data subjects is fully protected. The problem is that in most cases we just want it gone as quickly as possible.
It’s A Real Issue…
We now see no value in the old, so if someone offers to take it off our hands and dispose of the items for us, we will normally jump at the chance, failing to fully understand the decision we may be taking.
Despite what we may think, our responsibility doesn’t end once our old equipment, files and data leave our premises. In accepting help from someone to dispose of our equipment, we must be very sure that they work to appropriate standards with contractual obligations (particularly crucial with GDPR).
In Simple Terms…
Assuming that when our old equipment, files or other media leave our premises they will be managed correctly to appropriate legal levels, whether for destruction, deletion or recycling, can never be considered suitable for any business.
Following this very dangerous practice could expose the business to considerable fines and legal ramifications, which in the worst case could mean the business in question ceases to trade.
Now It Should Be Very Clear…
The disposal of your legacy systems must be taken very seriously and in most cases it is not possible or plausible for us to perform these operations on our own. If we decide to outsource the function to a third party we must be able to trust them without question.
A final word of the highest importance...
By establishing and following a compliance journey you will minimise the impact, consequences and compliance issues in relation to any data breaches that may occur from poor data management of your archived or legacy data.
Our GDPR/Cyber Compliance Training will help any business to understand, develop and implement their successful compliance journey.