Data protection for your trade

The Digital Era has led to the digitalisation of most companies, regardless of size or sector, increasing the importance of data protection. The information and data that a company possesses are very valuable assets for any type of organisation, as they not only help them in the day-to-day running of the business, but also allow for an expansion that, in the past, was only possible through large investments. 

 If your trade has an online presence, it is essential that you keep in mind in your daily work, on the one hand, the protection of your data to avoid being a victim of cyber-attacks and numerous risks and, on the other hand, the protection of your customers' data by providing the maximum possible security, thus generating a competitive advantage over other businesses. 

Protecting your information ensures the continuity of your business by minimising the risks to which it is exposed.

The objective of introducing the necessary security measures is primarily to protect your information, guarantee the continuity of your business and minimise the risks to which your business is exposed by having a presence on the Internet. 

The amount of information handled in a company is sometimes immeasurable, and is made up of customer data, employee data, supplier data, information on the products or services offered, intellectual property, ‘know-how’, etc. and a long etc. Due to the importance of such data, it is essential to have them protected and safe from risks and potential attacks. 

Despite the fact that many companies are aware of the importance of data in their organisations, the Maturity Data Driven 2021 study carried out by Incipy shows that only 36.1% of Spanish companies say that they have a data culture in place in their company. Has your company already started to prioritise data protection?

Effective management of the information and data generated in your business will translate into benefits in the medium and long term. In order to achieve good management of personal data, it is necessary to consider the General Data Protection Regulation or GDPR, which must be complied with by all companies, public entities or professionals that handle personal data of third parties.

The main objective of the GDPR is for all companies to comply with a number of obligations to protect the personal data of their customers, suppliers and employees

In order to clarify and define which personal and non-personal data need to be protected by companies, we provide a number of examples:

• Personal data: first and last name, address, email address, ID number, bank account or credit card number, location data, mobile device ID, cookie identifier, phone advertising identifier, social security number, IP address, cookie ID, etc.

• Non-personal data: commercial register number, mailing address (without personal data) and anonymised data.  

Regarding the internal data generated in your company, you can adopt certain measures to bring more security to your work and to your customers:

1. Classify the information, based on what type of data you have in your business, so you can treat it according to the category. Categories could be, for example, confidential (only accessible to a certain group of people, subject to a duty of confidentiality), internal (e.g., only accessible by employees of a company) and public (accessible even by third parties, so it can be disclosed).

2. Encrypt sensitive information to help protect the security of the information contained on your computers, laptops, mobiles and backups, so that in the event of theft or attempted illicit access, the intruder cannot view the data.

3. Establish a clean desk policy, which implies that no document that may contain personal, confidential and/or sensitive data is left in view.

4. Store customers' encrypted passwords so that they are protected at all times and never send them as plain text.

5. Use long combined passwords with letters, numbers and symbols, and change them from time to time for better protection.

6. Inform employees of the action protocols and security steps that must be followed in your company to offer the best possible protection. They should also be familiar with basic aspects of the regulations, in order to guarantee the proper use of the data to which they have access, and they should know the rights that protect the owners of this data. It is essential to raise awareness of the importance of this aspect of business.

7. Restrict access to your employees, so that only the information and data necessary to perform their duties is available to them.

8. Use trust seals to demonstrate to the customer your commitment to conduct yourself in a compliant manner and that they are applied in your company.

9. Destroy unnecessary customer and employee data on both physical and virtual media, provided that there is no lawful reason to keep it, and that there is no regulation requiring us to keep it for longer periods (e.g., tax obligation to keep invoices for at least 5 years).

10. Create backup copies and store them in the cloud of all types of information such as databases, e-commerce information, applications, etc., and make them accessible at any time.

11. Keep all your devices and equipment you work with on a daily basis free of viruses and other risks.  

In the digital world, data protection has become a basic and fundamental aspect of the day-to-day life of all types of businesses, largely due to the vulnerability of their exposure in the risk-filled online world.

For all these reasons, maintaining good data processing in accordance with the regulations and complying with the established obligations will be a guarantee of success and the only way to avoid heavy penalties.