What can we do to help prevent data breaches?

A personal data breach under GDPR (sometimes referred to as a “data breach”) is a breach of security where personal data is accidentally or unlawfully lost, altered, destroyed, or accessed or disclosed without authorisation. For example, a file of papers with customer address details is left on a train, an email is sent to the wrong address, data is maliciously altered by an employee, or your organisation falls victim to a cyber-attack.

Whilst it is not possible to eliminate all risk of a data breach, there are certainly things you can do to reduce the risk. We have put together some top tips below:

  • Consider past breaches – is there a particular type of breach that recurs, or are there areas of the business that are particularly prone to data breaches? Consider the causes and work on solutions to reduce the risk of recurrence.
  • Review security – consider whether security measures in place are appropriate for the type of data and the nature of the processing you undertake. You may be able to do this with your IT team or with the assistance of external IT experts. Don’t neglect physical security. Many businesses work solely or predominantly with electronic data, but you will still need to consider physical security issues, such as access to business premises and rules about how to deal with assets holding personal data, such as laptops.
  • Back up your data – backing up your data will allow you to retain access to it even if, for example, laptops are stolen or your premises are damaged by fire.
  • Keep your data up to date – holding out-of-date data increases the risk of a data breach. For example, a health insurer which fails to update member addresses risks sensitive information getting into the wrong hands.
  • Review your policies – make sure your policies and procedures on handling personal data are clear, comprehensive and easy to use. If you have easy-to-follow procedures which help you to comply with your data protection obligations, this will reduce the risk of a breach.
  • Minimise data – the less data you hold, the less risk you carry. Consider whether all the data you collect is necessary for the purposes of the processing you are undertaking.
  • Data storage – you should only keep data for as long as you need it for the purposes for which you collected it. Review your retention policy to ensure data is not being kept for longer than this.
  • Consider access to personal data – are your systems set up so that personal data is only accessed by those who need access to it?
  • Training, training, training – your staff are an essential tool in helping to prevent data breaches. They need to be clear on what they can and can’t do when handling personal data. It is essential that they can identify risks and know how to report potential data breaches should they occur.

If you would like assistance in reducing the risk of personal data breaches within your business, please contact us here.