The rules of GDPR for small businesses are the same as for bigger corporations. Yet it’s been reported that many small businesses still don’t understand GDPR, seven months after it came into effect. Of the 1000 questioned for a new survey, half admitted that they didn’t understand the rules brought in on May 25th, despite the possible consequences. Keep in mind that the fine could potentially be up to €20 million – per data breach.
There were many shocking statistics to come out of the survey. A few to particularly take note of:
- 60% of small businesses didn’t know that the Information Commissioner’s Office should be notified if a data breach occurs. In addition, half didn’t know that the affected individuals should also be notified.
- 25% allowed employees to use their own phones, computers etc. for work without making sure the data was encrypted. No matter how secure the data was in the workplace, it therefore wasn’t sufficiently protected.
- Many paper records are not being disposed of securely. More than half were not disposing of customer records properly, and the same was true of staff records in 71% of cases.
- A quarter had used details from real case studies in training materials, effectively handing out private information to their employees.
You can read the full details of the survey by clicking here.
Being unaware of the requirements under GDPR for small businesses, these companies are putting their customers and themselves at risk. It’s vital that everyone knows their obligations regarding data protection under the new laws, but many still don’t.
Activa Consulting can provide extensive GDPR gap analysis to ensure that your company is compliant with GDPR. We also offer services designed to protect you from data breaches such as GDPR staff training, which will prevent simple lapses that could lead to massive fines.
So contact us today to give your organisation the best chance of being GDPR compliant!
Is your smartphone listening to your conversations? I’ve had a lot of creepy experiences lately, where a verbal conversation I’ve had with someone is suddenly being reflected in the adverts being served up to me by my Android smartphone. For example, someone asked me about who Help For Heroes were, so I explained it – and then what was the very next advert to show up on my phone, after never being considered or searched for before using that device or any other?
Mental health support for ex-servicemen. Just one of many. So I started digging to find out more about how this is happening – and whether anyone genuinely has the rights to listen in to my conversations.
As it turns out, it’s not a conspiracy theory. It’s been discovered that your smartphone really is listening in and collecting data about you. Hundreds of smartphone apps are using a technology from a company called Alphonso, which accesses a phone’s microphone to collect advertising data.
Alphonso’s software seems to be particularly focused on a user’s TV-watching habits. It listens in on the phone’s local environment, and receives audio samples which it compares to commercial content. If a match is found, it will then attempt to deliver targeted ads for that same content to your phone.
Did these apps genuinely get our specific, informed, granular consent to do this? And is this consent retractable? If not, then it would appear that this kind of data collection doesn’t conform to GDPR.
If you want to prevent your smartphone listening to your conversations, there are several things you can do to safeguard your data. Most crucially, you need to control permissions for your smartphone’s microphone:
- For iOS, go to Settings -> Privacy -> Microphone
- For Android, go to Settings -> Apps -> App Permissions
So I changed the permissions of which apps could use my phone’s microphone. Now the ads I see are stuck in a timewarp – still trying to flog the same things they were a month ago. So, you win some… you lose some!
Want to find out more about GDPR and data protection? Click here for all the information you need…
We’ve been delivering many urgent project management and staff training projects recently, to companies that just need “GDPR compliance now” – so much so that we’ve not had time for our usual blogging and marketing activity lately. We’ve written this article to consider where companies and organisations are really at in their GDPR compliance programmes now and what we’d recommend that companies do next.