A member profile by OBCN founder Mike Foster.
Last week, I caught up with our members Databasix UK, who are an organisation with the vision of bringing people and data together, in order to change the way that data is collected, understood, and used.
As always, the conversation with Kellie Peters and Regina Lally was interesting, thought provoking and insightful.
The conversation generated some thoughts and concerns that I feel are important to highlight and share in this latest blog.
Personally, I have engaged the services of Team Databasix for a couple of businesses in the past. Their practical support helped us to break down the regulations in plain English, to ensure we were compliant and understood what it meant specifically for our business in relation to the various forms of data we held. For sure, this is an area where a template policy is insufficient if you are serious about the data that you own, control or process.
There are two things that surprise me when I ask businesses about the data they hold.
Firstly, few can list all the areas for which they hold data or especially what they share with a third party. Some do not even consider that they have shared their valuable data with a third party when they use software. Therefore, how can they be taking their data seriously if they do not have all their bases covered?
Secondly, I am also totally gobsmacked by the number of businesses who feel that they do not have to do anything and that an insurance policy will cover them.
Perhaps small businesses often mistakenly believe that they are too small to be a target and do not consider the risks or prepare. This lack of preparation can create vulnerabilities which others may exploit, or situations where your own people innocently do not consider the risk or potential impact of their actions.
What about a data breach?
A breach could be caused by your IT system being hacked or compromised. This could be malicious activity or system glitches. However, the most common reason for a breach is human error. What have you done about training your people about the protection of your data? Does your culture encourage your colleagues to admit to a breach (e.g. sent an email to the wrong person with sensitive data)? If not, a bigger issue could be the outcome, especially when it could be helpful to deal with a breach quickly.
In terms of human error, I recall a statistic I read when GDPR was announced. It stated that if a member of staff found a company branded USB stick in the car park, then over a third of those that found it would take it into the office and put it into their computer to trace who dropped it. Too late!
A financial loss is a major consequence of a data breach due to potential fines in line with the General Data Protection Regulation (GDPR) and/or litigation claims by impacted third parties. As mentioned, some businesses tell me that they are insured so have no worries, but please do check if your insurance policy covers such fines, as often they don’t.
There is also the hidden cost due to the amount of time it takes to reflect on the breach and create a fix that stops it happening in that way again. There is of course the people cost of fixing something that potentially could have been avoided with some upfront investment, but also your operations will be disrupted with the cost of such a critical operational downtime. This impacts the wasted time of your wider resource. It may also impact your revenue generation, especially for businesses reliant on systems that are hopefully just temporarily shut down. Some breaches will just be an inconvenience, but there will be an associated emotional distress that will also have its impact.
There is also a huge potential risk to your reputation. What would your customers, staff, stakeholders, network, think of your business if it became public knowledge? How would that feeling impact your reputation in the market? How would any negative consideration impact your business?
During my conversation with Kellie and Regina, it was great to hear what they have developed during the pandemic lockdown. They spoke to their customers and have listened to their market. As a result, they have developed their training offering with more online delivery and eLearning options. They will soon be providing their courses ‘on demand’.
However, I was blown away by the GDPR toolbox that they have developed. It provides Data Protection Officers, data protection leads and compliance officers with a set of practical tools to help them manage their data protection challenges. The toolbox has 3 levels, but the entry level toolbox provides 6 essential tools to help manage and monitor GDPR on an on-going basis.
If you have responsibility for your organisation’s data, then this is an essential box of practical tools.
Supporting other service providers
Databasix UK are collaborators and like to work with other businesses to collectively help others.
As an example, they help web developers to create personalised privacy and data protection policies for their clients’ websites.
A word of warning if you don’t take your data seriously
Organisations in breach of the GDPR can be fined up to 4% of their annual global turnover or 20 Million Euros (whichever is greater).
If organisations are under any illusion that these financial penalties will not be enforced, the recent fines imposed on some of the well-known businesses have shown just how seriously the ICO intends to take GDPR violations.
Hear about some of these breaches and much more on The Data Rockstar’s Coffee PodCAST. An excellent listen each Monday covering all things about data.
Need support or interested about the work of Databasix?
Do you need a Data Protection Officer (DPO)? A Data lead? Or some policies and processes to support your compliance and risk considerations?
Take a look at their new catalogue of services, or check out the Databasix website www.dbxuk.com for information on the products, services, consultancy, and training that they can offer to help you protect your data.
If you think you could refer Databasix to help one of your customers or someone in your network, then I certainly recommend a 1-2-1 with Regina or Kellie.
This is a testimonial I provided a few years ago whilst working for CRM accountants. I have since seen how much they have helped so many more businesses of all sizes.
“I would have no hesitation in recommending the team at Databasix. We were delighted with the support we received at CRM, which was practical at all times and tailored to our requirements. The ongoing consultancy support was invaluable to guide our GDPR considerations and when a document was needed, we never received a template but always a personalised document fit for purpose.”