Insuring against a data breach.
On a Wednesday evening in the middle of March there was an intimate group gathered in central London, all for a combined purpose. There were business owners, health professionals, digital marketers and business consultants, a select group set for a round table discussion on an issue that will affect ever company in the UK. How to mitigate the risks from the upcoming GDPR regulations.
Jason Cobine from CobineCarmelson set the tone giving examples of cyber-criminal activity and issues relating to data breaches. Coming from an insurance background, he gave us insights into what areas can be covered, but also what we could also do. not only minimise our exposure to risk, but keep our procedures in line with our policy cover.
The legal side of GDPR.
Richard Mullett, from The Legal Partners, then guided us through the different sections of the legislation. He helped us define what is personal data, the penalties involved and what procedures we need to have in place if a data breach should occur. He went through the different types of sensitive data and examples of separate areas where it may be held, Payroll systems, HR databases, paper records etc. See our FAQ section
Practical implications of GDPR.
To finish on Malcolm Ford, from IT Enterprise Business Solutions, led a practical workshop on how to create a data map. Everyone divided into smaller groups and then given a scenario of different business models. Their task was to draft down on a piece of paper what information that organisation held, how it was processed and highlight sensitive data. Half way through the exercise these discussions were interrupted, as new information became available. One discovered they had information stored off-site when using sub-contractors, and the other had an ex-employee set up in competition with information they believe he had stolen. Each conundrum brought home the intricacies of what could happen in real life and how complex these situations could become.
The feedback was incredibly positive so we will be planning a second workshop for later in April to continue investigating the issues raised from implementing GDPR into the workplace. If you wish to attend the next session please contact us on the email above.