It's been less than a month since the General Data Protection Regulation became enforceable, yet Dixons Carphone's chief executive Alex Baldock has already admitted falling short of their responsibilities to protect customer data.
- 5.9 million customers' cards hit
- 1.2 million personal data records have been accessed by hackers
Tom Hodgson, Business Development Manager at Qualsys, comments:
“The recent data breach at Dixons Carphone highlights that the management of sensitive customer data is fraught with risk, particularly for large, multi-site organisations with complex IT systems.
A deep understanding of data security principles and robust implementation of GDPR procedures are absolutely essential to avoid the reputational damage and potential financial penalties breaches like this one can bring.”
If you're yet to implement a robust data management strategy, Tom has shared three steps:
1) Start with a data audit
- What data does your business have?
- Why do you need the data?
- Who processes it?
- How is the data processed?
Our customers can use a combination of Equipment Manager, Audit Manager, Asset Manager and Supplier Manager to manage a data processing register (DPR).
2) Do a data risk assessment
Now you have a data processing register, you can assess the data risks:
- What are the potential risks / opportunities?
- Are the controls adequate?
- How do you control the risk?
Risk Manager provides a framework for ensuring all your data risks have been considered, managed and assigned roles.
3) Communicate & train
All employees need to understand their roles and responsibilities, and feel empowered to identify and communicate risks they see.
- Are your policies up to date?
- Are your employees trained?
What to do now:
Download the GDPR toolkit to get more free resources to help you implement a robust data protection management system.