Love is in the air: Is it data at first sight?

As we enter the week of Valentine’s Day, it is important to recognise the significance of data security, particularly as the number of cybersecurity breaches has increased over the last few months. For example, you may decide to order your partner a bouquet of roses and, in doing so, enter your and your partner’s names, contact details, bank details and the recipient’s address, all of which constitute personal data. Unfortunately, the company may then suffer a cyberattack which leads to your data being compromised and perhaps a mix-up in roses being sent to the incorrect recipient. With this example in mind, we explore the steps you can take to protect your personal data and to encourage proactive, rather than reactive, actions.

What would have been the company’s obligations in relation to the personal data?

The UK GDPR confirms that data controllers and data processors are under an obligation to comply with the data protection principles, and this includes ensuring that data is ‘processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage…’. This means that, with reference to our example, the company would have had a responsibility to prevent the personal data being accidentally or deliberately compromised.

What proactive measures could be put in place?

The UK legislation stipulates that appropriate technical and organisational measures to safeguard the data should be implemented. It is best practice to implement such safeguards prior to the processing as well as at the time of processing itself, to ensure that they are effective. To understand which safeguards to implement, you should first complete a risk assessment. In this example, pseudonymisation or multifactor authentication when entering bank details may have helped, alongside consideration of the security of the website, system security and access controls to ensure that the data is held securely.

Various surveys have determined that humans are the weakest links in cybersecurity. This means that you cannot just rely upon the technical or system security measures when protecting personal data. As a proactive measure, it is best practice to implement data protection policies, particularly in relation to dealing with data breaches, and to ensure that staff are trained on these policies and are familiar with the processes to follow when a data breach occurs, so that the response is swift and effective. In addition, business continuity arrangements that deal with how personal data will be protected and recovered are paramount to a quick response to an attack. Finally, undertaking periodic checks to ensure that your security measures remain appropriate and up-to-date will reduce the risk of being subject to a cybersecurity attack.

Melanie Pimenta

Associate

+44 118 960 4653

All you need is love… for your data protection practices!

By implementing technical and organisational measures, it is hoped that organisations can embed a culture of data protection practices. Consistently educating and reminding staff of the security measures in place can greatly reduce the risk of a cybersecurity attack. For example, keeping anti-virus or anti-malware products up-to-date, restricting access to data to only those who require it, and enforcing strong passwords and regular password changes can limit attacks.

For those adopting hybrid working in particular, it is even more important to maintain physical security in the ‘home office’. This includes not leaving your desk or confidential papers unattended and ensuring that back-up devices are locked away in a separate space when not in use. Please read more about remote working practices here.

Key takeaways

Overall, the first step is to manage your security risk by implementing appropriate organisational structures, policies and processes to understand and assess the risks. Next, you should consider which adequate safeguards need to be implemented; the ICO recommends making such decisions with consideration of the following:

  • The state of the art (of technology);
  • The cost of implementation;
  • The nature, scope, context and purpose of processing; and
  • The severity and likelihood of the risk(s).

Thirdly, you should implement the appropriate safeguards for your organisation and then create a framework for data security, ensuring that your staff are aware of the processes. Finally, it is important to continually monitor the security of your systems to ensure that they remain effective in protecting against the risks of a cybersecurity attack, and to have a business continuity/response plan in place to effectively manage cybersecurity attacks.

If you need any advice in relation to cybersecurity attacks, please do not hesitate to contact our data protection lawyers.

About this article

Disclaimer
This information is for guidance purposes only and should not be regarded as a substitute for taking legal advice. Please refer to the full General Notices on our website.
