Why you should care about privacy (and why the GDPR makes sense)
An average person is listed in hundreds to thousands of records held by governments and companies. You have to rely on them to protect your data and your privacy. Given the number of data breaches, that is not something you can take for granted.
To protect your privacy, Europe has introduced the GDPR (General Data Protection Regulation). The GDPR sets a number of requirements for every organisation that processes privacy-sensitive information. One of its provisions is that personal data must be processed securely by means of 'appropriate technical and organisational measures'. At SafeRequest we help with this part of the regulation.
What could go wrong? And why should I care?
First of all: what actually is the issue? Apart from the uncomfortable feeling when someone has access to your personal data, there are some real risks. A couple of examples:
Identity theft
With documents like your ID card or a payslip, people can steal your identity. Your identity can be used to order products or subscriptions. Even worse, people can use your identity to rent a car or open a bank account to facilitate their criminal activities.
Phishing
When certain details about a person are known, that information can be used for phishing. Phishing means tricking people into revealing information such as usernames and passwords. For example, if someone knows your email address and bank account number, they can send you an email saying that you have to reset your password, with a link to a fake password reset page. If you enter your password there, they'll know your credentials and can use them to withdraw money from your account.
Blackmailing
Every person has some secrets they would preferably not share with the world. When someone gets their hands on privacy-sensitive information, it can be used for blackmail.
For companies: abuse of trade secrets
For companies, trade secrets are vital. This information distinguishes them from their competitors. If you are working on an awesome new product, you want to keep that information safe.
This won't happen to me
Many people think "this won't happen to me" or "I have nothing to hide". But in 2018 there were 14.4 million cases of identity fraud. And there were 1,244 reported data breaches, exposing almost 447 million records, in the United States alone.
What can I do?
If you are working with privacy-sensitive information about your clients, it is your responsibility to treat that information with care. One step you can take is to stop sending privacy-sensitive information via email. SafeRequest offers a good solution for this, but transferring the data securely isn't enough. It's also about how you store and process it. A couple of recommendations:
- Store the data in a secure way.
- Don't store what you don't need, or at least anonymise it.
- If you don't need certain data anymore, throw it away. Keeping all that data that you don't use is an unnecessary security risk.
- Limit who has access to the data. Review who needs to access what.
- Many organisations are required by the GDPR to appoint a Data Protection Officer. That might sound like overkill, but even if you aren't required to have one, it is a good idea to appoint someone who thinks it through.
- In some cases, you need to perform a Data Protection Impact Assessment (DPIA).
- Inform your clients what you store and how you use it. Do this in a clear manner, not somewhere buried deep in your privacy policy.
- And, of course, transfer the data in a secure manner with tools like SafeRequest.
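The three storage recommendations above (keep only what you need, anonymise or pseudonymise what you keep, and delete what has expired) can be turned into a small routine that runs over client records before they are stored. The following is an added example written for this page, not SafeRequest's own code: the record layout, the NEEDED_FIELDS set, the retention period and the PSEUDONYM_KEY are assumptions, and the sample records are constructed.

```python
"""Data minimisation, pseudonymisation and retention for client records.

Added example, not SafeRequest's code. Assumes client records are plain
dicts and that the pseudonymisation key is kept outside the data store.
"""
import hashlib
import hmac
from datetime import date, timedelta

# Assumption: these are the only fields the business process actually needs.
NEEDED_FIELDS = {"client_id", "email", "service", "collected_on"}

# Hypothetical secret for keyed pseudonymisation. In practice it lives in a
# secrets manager, never next to the data it protects.
PSEUDONYM_KEY = b"constructed-demo-key-do-not-use"

# Assumed retention period in days after which a record is purged.
RETENTION_DAYS = 365

# Constructed sample records, over-collected the way intake forms often are.
RECORDS = [
    {"client_id": "c-1001", "email": "anna@example.org", "service": "tax-return",
     "date_of_birth": "1980-04-12", "passport_no": "X1234567",
     "collected_on": "2024-01-15"},
    {"client_id": "c-1002", "email": "bo@example.org", "service": "payroll",
     "passport_no": "Y7654321", "collected_on": "2022-06-01"},
]


def minimise(record):
    """Keep only the fields the process needs (data minimisation)."""
    return {k: v for k, v in record.items() if k in NEEDED_FIELDS}


def pseudonymise(value, key=PSEUDONYM_KEY):
    """Replace a direct identifier with a keyed HMAC-SHA256 token.

    The token is stable (same input gives the same token) so records can
    still be linked, but it cannot be reversed without the key.
    """
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def pseudonymise_record(record):
    """Return a copy of the record with the email replaced by its token."""
    out = dict(record)
    out["email"] = pseudonymise(out["email"])
    return out


def expired(record, today, retention_days=RETENTION_DAYS):
    """True when the record is older than the retention period."""
    collected = date.fromisoformat(record["collected_on"])
    return today - collected > timedelta(days=retention_days)


def process(records, today):
    """Minimise and pseudonymise live records, purge expired ones.

    Returns (kept_records, purged_client_ids).
    """
    kept, purged = [], []
    for rec in records:
        if expired(rec, today):
            purged.append(rec["client_id"])
            continue
        kept.append(pseudonymise_record(minimise(rec)))
    return kept, purged


if __name__ == "__main__":
    kept, purged = process(RECORDS, date(2024, 6, 1))
    for r in kept:
        print(r)
    print("purged:", purged)
```

The choice of a keyed HMAC rather than a plain hash matters: an unkeyed hash of an email address is trivially reversed by hashing a list of known addresses, whereas the HMAC token is only linkable by whoever holds the key, so losing the data store alone does not expose the identifiers.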