For Data Privacy Day we thought we would give an overview of the main elements of keeping data private online.

Enjoy.

Passwords

Firstly, passwords.

If you have the same password for every online account, please add it to your plans for 2025 to review and amend.

In an ideal world it is recommended that passwords are a random string of words combined with a number or two and a special character. In real life, this can be difficult for many to manage.

Online passwords across different accounts should be different, even if only slightly.

Your passwords for your personal accounts should most certainly be different from any business accounts that you hold.

There are lots of password tools you can use that will securely hold all passwords in one place so you only need to remember one. Alternatively, make the most of logins that use codes sent to your mobile device or face IDs.

And if none of that works for you, then by all means write your passwords down. Just keep these passwords in a secure location (ideally in a safe).

Please, please, pretty please – do not put your passwords on sticky notes around your computer or workspace. We literally flinch when we see passwords appearing in the background of photos – yes, we do want to see a cute photo of your cat sunbathing next to you, but we don’t want to when said photo includes a clear shot of your Facebook password. Think of our sanity if nothing else.

The Dreaded GDPR

The Data Protection Act of 2018, otherwise known as the dreaded GDPR, controls how personal information is used by all.

If your business uses any personal data then you have to abide by the rules of GDPR.

GDPR states that information must be…

  • Used fairly, lawfully, and transparently
  • Used for the specified/explicit purpose of your product/service
  • Used when relevant and necessary
  • Accurate and kept up to date if needed
  • Kept no longer than is necessary
  • Kept secure
  • And your customers can ask to know how their data is used, to have their data updated, or to have their data removed from your records.

You can find out more about GDPR on the UK Government’s site here.

To ensure that your business complies with GDPR, check how your business holds its data.

This includes…

  • Any CRMs that you use
  • Any mailing lists for your marketing efforts
  • Any password storage tools used
  • Any browsers that you use for your work – yes, your browsers need to be current to ensure that they have the necessary security elements
  • How you handle any physical paperwork/records, ensuring the data is kept secure and private
  • How you handle the transfer of any files containing personal information
  • How you handle any subject access requests (SARs) from customers
  • Your internal password policies – how often do you change your work passwords?
  • Who within your business has access to your customers’ personal information, and whether it can be restricted to what is necessary for them to complete their role

And much more…

Essentially, trace how data enters and exits your business; all of those steps should be covered by your business’s GDPR process and policy.

Scams

Unfortunately, they are everywhere; the introduction of email and fast methods of communication has only assisted scammers’ ability to target you.

There are steps that you can take to stay confident when it comes to online scams. They are…

  • To check your email settings to ensure that your spam filter is set up accordingly.
    It may also be worth chatting with your email provider to ensure that you have a screening process on your email server to help filter spam emails out before they even reach you.
     
  • To not open any attachments or click on any links from unknown email addresses.
    As obvious as that might be, it is worth triple checking that your employees are aware of this fact too.
     
  • To opt out of data collection when signing up for new accounts/services.
    If your data is not collected then it’s unlikely to be passed on or stolen by scammers to target you.

Don’t forget that scammers aren’t just online; they can also approach you via SMS, phone calls, or the post. Staying aware and being confident is key to not falling for their tricks.

Remember, if it’s too good to be true then it probably is. If the message is random and unconnected to anything you do or have done, then it probably is something that you do not need to interact with.

Your Systems

The final topic to touch on for Data Privacy Day is your own system.

Whether that is a series of spreadsheets, an off-the-shelf CRM, or a bespoke offering.

You want to check that it is secure.

This is not just in terms of its physical location or access point, but also in whether it’s password-protected. Ideally you also want to check the processes you have in place to ensure that passwords are managed and changed at a frequency that works with the level of data stored.

If any part of your system can be accessed externally, by your customers or suppliers for example, ensure that the in/output is secure as well.

If your current system is not allowing you and your business to safely manage data, both from customers and internally, then chat to us and we can help identify a solution that could work for you.

So, take some time this Data Privacy Day to check your business and how it handles its data. Put plans/tasks into action to ensure that you stay on top of your data and your privacy.

Published: 27th Jan 2025
