GDPR Equifax and The Weakest Link
GDPR is just around the corner
Now that GDPR is just around the corner, there is a big influx of technology companies and consultants providing solutions and advice on complying with GDPR.
With the recent Equifax hack, it’s becoming more apparent how important GDPR is, and even more so, how important it is for people to understand what it really means.
GDPR isn’t supposed to be a pain in the arse and you shouldn’t view it as such. GDPR is a set of guidelines to help you as a business to protect your business. You should view it more as a body giving you advice on how best to collect customer data and protect customers from potential breaches.
The interesting thing I have found is that people are looking for tech solutions to make them compliant, when in fact compliance needs to come from within the business. The Equifax hack is a testament to that.
In September it became apparent that the one place that shouldn't be hacked had been hacked. Equifax is a credit checking service that holds personally identifiable information about people, which allows businesses to check whether those people are eligible for any form of credit. Companies like Equifax are used by big businesses to check whether you're eligible for a new credit card, mobile phone contract or insurance, amongst other things.
For a hacker, this is a goldmine. The information that was stolen will allow them to steal identities and obtain credit in anyone's name for the foreseeable future. Even worse, they can sell this information to people on the dark web. The information they gathered doesn't have a time limit either. It's likely that there will be no immediate effect for people right now, but in months or years to come it will, ironically, have a negative effect on their credit rating as credit cards are opened in their name and payments are defaulted on.
Richard Smith, former CEO of Equifax, told Congress that human error was at the heart of the hack: an employee had failed to patch a system, which gave hackers access to sensitive information. Not only this, but the hack was actually discovered in July and the extent of the breach was only made public in September.
It's very clear from this that GDPR needs to be not just an implementation of technology, but a change in the processes by which companies and data processors handle customer data.
As a company, we advise our customers not just on how to use our platform, but on enforcing best practices in managing and analysing customer data. We could build the most amazing and secure platform in the world, but if our customers export data en masse as a CSV, we no longer have control over that data and it's not encrypted. To get around this, we help our customers build integrations between systems that don't just provide direct connections to their CRMs, but prevent them from making mistakes that could damage their business and reputation or, even worse, land them a big fine.
Our advice
If you're worried about GDPR, stop looking for technology to solve the problem. Instead, research and find a good GDPR consultant (we work with an amazing one!). Let them evaluate and audit your entire business, and they'll advise you on the best and most cost-effective approaches to securing both your customer data and your critical business data.
If you accept that being hacked is inevitable, you can put processes in place to protect yourself, as well as processes to limit the damage. GDPR is here to help, not to hinder. We'd be interested to hear your views, so contact us; we're always up for a discussion!