In our communication assessment quiz, compliance is one of the four key areas, with very good reason. GDPR and other compliance requirements must be met, and that means the secure storage and transfer of sensitive information.
Why is communication so important to compliance?
GDPR – never in the history of business have four letters caused such consternation and confusion. The panic that followed the first announcement of this particular bit of EU legislation was incredible.
As GDPR rolled out and things became clearer (well, OK, slightly clearer), a lot of those concerns about compliance came down to how companies were sending, storing, and retrieving information. So, the second part of our communications quiz looks at this area and will help you assess where you stand.
Compliance, as we all know, isn’t an optional thing because it is backed by legislation. Anyone in business who isn’t aware of the huge problems and even bigger fines that can happen as a result of not adhering to the needs of GDPR must have been hiding in a cupboard for years. So, the short story is that you need to be compliant.
Much of GDPR and other compliance is about how you handle personal data, and that includes how you move that data around and who can access it. When information is accessed, it is usually transferred in some way. When you do this, your communication becomes part of your compliance process. How information is retrieved and then passed on is often a hidden weak spot in GDPR compliance for a business.
A lot of the problems that occur when it comes to compliance are around the issues of who receives the information. If you are holding personal information about someone, then you are responsible for ensuring that if and when you send that information, it is only seen by the recipient. In short, you need to ensure that the sender is confident the information will reach the right destination and that when it gets there, you have taken all reasonable steps to ensure only either the owner of the information or an authorised person can see it. The communication chain must abide by the law.
You would be surprised how common it is for sensitive data to be stored carefully behind firewalls, encryption, and clever state-of-the-art defences, only to then be sent to someone in an open email with no protection at all and no way of knowing who opened it. Your compliance just went out of the window.
Even worse is when the information is physically transferred by thumb drive, on a laptop, or even on a phone. If any of these are lost or stolen, then the data is gone and potentially in the public domain. Carrying that information around is fraught with danger. Taking a risk because ‘The chances of that happening are very small’ is really not an option. I think we have all seen enough news stories about government laptops being left on trains and similar to know that it does happen.
If your communications are not secure, then you are very likely to be in breach of GDPR and possibly other compliance requirements.
How will the quiz help?
When you take the quiz, it will ask you a few simple questions. It won’t take long; most people finish it in a few minutes, but don’t let the fact that you can do it over your next coffee break fool you. The answers may be quite straightforward, but our experience is that many businesses are not asking these questions. Compliance is just like any specialist requirement – you only know what you know, so sometimes you don’t have the experience to identify where a problem may be hiding.
When you receive your emailed report at the end of the test, it will be a personal response that will warn you if you are potentially not securing your communications effectively. It will also give you some starting advice on what you could do to resolve the problem if there seems to be one.
In many cases, these problems can be resolved by simple measures such as software that will automatically spot that a message should be encrypted or by adding secure portals that restrict access to sensitive information.
People can be the problem without knowing it
The quiz will also ask you some pertinent questions about the team who handles the information. The sad truth is that most breaches of GDPR and cybercrime are down to human error. We tend to think of the TV version of the secretive, genius hacker who has a magical ability to beat your defences. That may be great drama, but most cybercrime is opportunistic or happens because someone makes a mistake. Would your team all be able to recognise a phishing email, for example? Some of them are very sophisticated. Do they understand and use authentication as needed?
Non-compliance could mean a hefty fine, and your customers and clients will be able to see that you have had an issue protecting their data.
Taking the quiz is quick and easy, and it may well be the best use of your next coffee break.