
Staying safe in the GDPR age

By Steven Allan, CEO and Founder of Linten

By now, the vast majority of businesses are familiar with GDPR and have worked hard to implement the necessary data security measures. However, there are many which are still not fully compliant with the legislation, and even businesses that have followed the steps prescribed by the international legislation may not have a contingency plan for a security breach. By lining up the right tools and processes, you can ensure seamless business continuity in the event of information theft or other data-related disruption.

Studies show that 94 per cent of organisations that suffer severe data loss, for any reason, do not recover. But GDPR compliance needn’t be scary. Here are a few relatively easy ways to meet GDPR requirements and avoid potentially damaging interruptions to your business.

Data protection

GDPR is primarily concerned with the protection of sensitive, personal data, for your business and clients. GDPR legislation requires all companies to take appropriate measures of “protection against unauthorised or unlawful processing and against accidental loss, destruction or damage” (Chapter II, Article 5(1)(f)). You can prevent data breaches and security leaks by investing in effective security software. Beyond sophisticated software, adopting simple security habits can help assure your business continuity.

Use complex passwords

Password-protected data is only safe if you use complex passwords. If you regularly use the same easy-to-remember passwords, it’s likely that your accounts are easy to hack. To reduce vulnerability to sophisticated attackers, we recommend using a combination of letters, symbols and numbers in every password. Random password generators are a useful tool for creating passwords that are almost impossible to crack. Also, don’t use the same password for multiple accounts!

If you are concerned about forgetting your passwords, you can rely on an encrypted password storage service. But you should aim to change your passwords every 60 or 90 days, to minimise the risk of a future cyberattack.
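The generator the section recommends, as an added example that is not the author's or Linten's code: it draws from the operating system's cryptographic random source (`secrets`, never `random`), keeps only candidates that contain a letter, a digit and a symbol so the distribution stays uniform, and flags accounts that share a password. The symbol set and the sample account list are constructed for the example.

```python
import secrets
import string
from collections import defaultdict

LETTERS = string.ascii_letters
DIGITS = string.digits
SYMBOLS = "!#$%&*+-=?@^_~"  # constructed set; widely accepted by web forms
ALPHABET = LETTERS + DIGITS + SYMBOLS


def has_all_classes(password: str) -> bool:
    """True if the password contains at least one letter, digit and symbol."""
    return (any(c in LETTERS for c in password)
            and any(c in DIGITS for c in password)
            and any(c in SYMBOLS for c in password))


def generate_password(length: int = 16) -> str:
    """Generate a uniformly random password that satisfies has_all_classes().

    Rejection sampling (draw, check, retry) avoids the bias that 'force one of
    each class, then shuffle' introduces, and secrets.choice uses the OS CSPRNG.
    """
    if length < 3:
        raise ValueError("length must allow one character of each class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(candidate):
            return candidate


def reused_passwords(accounts: dict[str, str]) -> dict[str, list[str]]:
    """Group account names by password; return only passwords used more than once."""
    by_password: dict[str, list[str]] = defaultdict(list)
    for account, password in accounts.items():
        by_password[password].append(account)
    return {pw: names for pw, names in by_password.items() if len(names) > 1}


if __name__ == "__main__":
    # Constructed sample: two accounts share a weak password.
    sample = {"mail": "Summer2019!", "crm": "Summer2019!", "vpn": generate_password()}
    print("new password:", generate_password(20))
    print("reused across:", reused_passwords(sample))
```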

Lock your desktop when you’re away

If you leave your desk, even if just for a minute, it’s important to lock your computer screen. There are multiple shortcuts to make this easy, using your mouse or keyboard. Pressing the Windows key + L on a Windows computer locks your screen, whilst Command-Control-Q will instantly lock a Mac.

Install anti-virus software

Most people are familiar with anti-virus programmes and may have already installed a basic software package. However, for your anti-virus software to be truly effective, you must regularly install new updates and bug fixes. The easiest way to make sure you’re up to date is with an ongoing support retainer from a trusted IT team.

Rather than blindly trusting that your documents are protected, we also recommend continuous monitoring. Remote IT support teams will regularly check that your anti-virus system is up to date and working as it should be. Reactive support for your security software means that any issues can be dealt with swiftly.

Implement two-factor authentication

Two-factor authentication requires a user to input two passwords, or answer two security questions, before gaining access to certain files or functionality. This additional layer of security makes it substantially more difficult for hackers to access sensitive data.

Most cloud service providers, including Apple, Google and Microsoft 365, provide the option to switch on two-factor authentication. It’s a simple security measure that allows you to verify users and manage access restrictions easily.

Encrypt your hard drive and cloud files

Disk encryption converts your files, operating system, software programmes and sensitive data into unreadable code. Rest assured, encryption doesn’t affect the day-to-day usage of your computer; but it does make it incredibly difficult for hackers to decrypt and interpret your data if any devices are lost or compromised.

Update your privacy policy

Although a privacy policy isn’t a form of data protection, it is a legal requirement if your website collects, processes or stores information from visitors. While it is advisable to seek legal advice, make sure that your policy is easy to understand, in plain English.

Privacy policies are very easy to put together; you can even use an online generator. You can use your privacy policy as an audit or checklist, to flag up any areas where you don’t have a GDPR-compliant process in place. If you need assistance, the International Organization for Standardization offers guidance on what your privacy policy should include.

Business continuity in the event of a data breach

A data security breach, or even an accidental loss of sensitive information, carries legal obligations under GDPR. For example, you must notify your clients within 72 hours if their personal information may be at risk. However, beyond the legislative implications of a data breach, it’s vital to have a business continuity plan in place. Secure backup and clear processes will help to minimise disruption to your business.

Manage your systems remotely

Among a multitude of security features, cloud-based systems allow you to manage your company’s data from anywhere. This means that, should a hacker gain access to your sensitive files, you can delete them from a distance.

Article 17(1) of GDPR states that a “data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay”. This means that your clients and customers can request that you delete their identifiable data immediately. The easiest way to do this is with remote management of your storage. Remove records from all connected devices in one step, to comply with GDPR requirements.

Regularly back up your data

Safeguard your data by storing a copy off-site, in a secure cloud data centre. Using multiple backup locations protects against both physical disaster and digital danger.

Manual backups alone may not be sufficient to ensure business continuity after a full system restore. Can’t remember when you last backed up your vital business data? Then it was probably too long ago already. Choosing a managed, automated backup service, like trustbackup, will ensure that your data is safely backed up as often as every ten minutes. Backup management adds extra peace of mind, to ensure that your files are not corrupted or lost during the process.

Practise data recovery/restore

Beyond backing up your data in a secure location, we recommend checking your backups regularly. You may need to retrieve deleted documents on an ad hoc basis; or you may want the security of a full system restore dummy-run. Either way, it’s important to know that your backup service is working as it should be. In the event of a security breach, a clear data recovery process is vital to keep your business running.