On 25 May
All of us are already fed up having received possibly hundreds of emails over the last few months asking us to approve privacy policies and update
The introduction of GDPR and the required changes to the transmission of personal data should be seen as a positive move and as individuals, I feel we have a part to play in ensuring that the risk to our personal data is
The main reasons for the development of GDPR were:
- Identity fraud has increased significantly and having seen a colleague affected by this, an enormous amount of time is spent trying to deal with the aftermath.
- Data is now more freely transmitted electronically rather than by post and very often it is not secure.
Personal data that you should try to protect include your full name, address, date of birth, bank account number, marital status, income levels, passport number to name but a few.
What should you be doing to protect yourself if you are asked to provide personal data?
- Ensure that you adequately verify anyone asking you for personal data over the phone. If you receive a call from the bank or HMRC for example, you are often asked to provide ID to confirm who you are under the guise of data protection? However this is the wrong way around as they have called you – they should actually provide you with ID information to confirm who they are. If in any doubt, don’t provide any personal information where a call hasn’t derived from yourself and especially if you are not expecting a call in the first place. If they are a reputable
organisation, they should be prepared to provide you with a contact number to return so that you can check them out either online or via a contact number that you may already have. (The excuse that a call is recorded is not a prerequisite that it is ok to provide information and they are genuine).
- If you are asked to provide personal data by email, ask the recipient how they want you to send it to them so that it is secure. Don’t be afraid to ask how they are dealing with GDPR in respect of your personal data. Make it clear that you require any information that is sent back out to be secured as well. We’re ahead of the game here at Lambert Chapman as we already use a secure Portal for transmitting data with our clients and many businesses will soon follow suit. What appears to be a common approach at the moment is that you may be asked to send a document and password protect it. This can be carried out quite easily with any document system and should provide a secure method.
HOWEVER, DO NOT SEND THE PASSWORD FOR THE DOCUMENT BY EMAIL – you must use an alternative method, for examplecall them or send a text with the information enclosed. If a hijacker can intercept the first email, they could also intercept the second, effectively giving them everything they need.
Whilst part of everyday life, do not underestimate the power of information put on social media sites and via email as these are the easiest methods of communication that can be intercepted. Whilst it may seem over the top if everyone starts getting into the habit of asking for data to be transmitted securely,
The views expressed in this article are the personal views of the Author and other professionals may express different views. They may not be the views of Lambert Chapman LLP. The material in the article cannot and should not be considered as exhaustive. Professional advice should be sought in connection with any of the issues contained in the article and the implementation of any actions.