Friday, 25 November 2016
Data protection and cyber issues for small and medium sized business
Overall the digital age has been a positive for small business allowing lots of admin activity to be simplified and reducing the need for infrastructure. A lot can be done with a mobile phone number, email address and website. Welcome to the gig economy.
However it has become very clear that digital data has a huge value, and personal data even more so. Data is like money. Since it has value some people want to steal it and stealing data is generally called hacking.
Also Governments, ever keen to "guide" or "nudge" the people to the correct conclusions (not going so well with Brexit and Trump) have been spying on the population leading to the game changing revelations from Edward Snowden.
Therefore into the previous wild west of big digital data comes regulation. In the UK the very analog Data Protection Act has been updated piecemeal by the Regulation of Investigatory Powers Act, The Protection of Freedoms Act, Freedom of Information Act soon to be in force GDPR.
Small and Medium Businesses are presented with quite a challenge as a result. For example issues like encryption of sensitive data, explicit consent and right to be forgotten all need to be considered. All these are important issues but for the owner of a small business who has not changed his passwords in 12 month these issues seem esoteric at best.
Unfortunately if small business does ignore this issue they can destroy customer trust if hacked and also suffer on the compliance side as this case from the ICO shows.
Therefore what ?
At klipcorp IP we have developed this simple free risk assessment tool aimed to help small business on this complex journey and would encourage engagement with it.
It is inevitable that business will need to allocate resource into this area (both large and small) and over time those that do not will lose customer trust / business and sometimes suffer at the hands of the regulator.