The BIG data tidy up for GDPR - 7th to 11th May
Do you know what sensitive or personal data is?
Security Watchdog deal in sensitive personal data every day, and the secure processing of that data sits at the very heart of our operations. It is the information we use to help us identify and verify candidates going through our screening processes, such as names, addresses etc. As a business we tend to collate and handle a lot of data that would be considered ‘sensitive’ under the DPA and would prove valuable to fraudsters as it is not normally available. We process data such as Passports, ID Cards, NI Numbers, Mother’s Maiden Name, Employment and Education history, Criminal Record history, Financial Probity checks, Directorship information as well as sanctions and regulatory information. This is all valuable and personally identifiable information someone could use to clone someone’s identity, so it is essential that we protect it and ensure it is processed and stored as securely as possible.
Do you know where our sensitive or personal data is stored?
The most obvious places we store our candidate data are our highly secure technology platforms, namely VOLTi3, NGV, eBulk and the CIS Platform. These systems account for the vast majority of data storage that we have; they have been designed with data security in mind and can ensure that we remain compliant with the UK Data Protection Act, future GDPR requirements, ISO 27001 and our clients’ own information security requirements. It is equally important that we consider the more unstructured data that may exist in the business outside of these systems. This can include candidate data and references coming into shared mailboxes, the scanning of certificates or reference responses, or the creation of paper files for FCA regulated or Airside individuals. We must also be mindful of any candidate data that is being populated into client operational reports and how these need to be password protected.
Do you know what the penalties are for not complying with GDPR?
There has been much talk about the penalties, as a GDPR compliance breach can cost an organisation administrative penalties of up to 4% of global revenues or 4 million euros, whichever is the higher. Whilst this may be reserved for the most significant of breaches, the GDPR requirements do make the risk of non-compliance much higher, especially as data subjects have significantly more rights under GDPR and as a business we have to inform individuals of their rights and facilitate those requests as quickly as possible. It is the responsibility of every member of staff to ensure that they are handling sensitive data in as secure a manner as possible and to highlight any practices they see that may not meet the high standards that we set for ourselves.
What do you need to do?
As part of the requirements for GDPR, we need to remove sensitive or personal online or paper-based data from our emails, drives, desks and filing cabinets.
Every day of the week beginning 7th May (Monday is a bank holiday), from 5:00pm to 5:30pm, we will be taking part in the BIG Data Tidy Up. For those 30 minutes each day you will be given the time to ensure sensitive or personal client data is disposed of in the appropriate way. We will be providing checklists to assist in this project.