GDPR: Security needs to be more than cat-proof

Evelyn Wolf by Evelyn Wolf   28 Mar


GDPR Security

So this is Stoffer. Even if you are a cat person, you have to admit she’s cute but kind of scary. She tends to keep us from gaining access to laptops (they are so comfortable) and would therefore be very basic security, right? Not quite. The rattling of a bag is all it takes to get her to move. She’s easily breakable. 

Security plays an important role in implementing the GDPR. At BusinessBrew we are not security experts and strongly advise you to consult with your IT team or external IT advisor on becoming fully compliant. What we want to talk about today are the simple basic steps that you can take today to make sure your marketing tools reach a basic security level.We have 4 basic security tips for marketers that you can implement today to make your security less breakable.

1. Check User Access Rights

Most of us use third party tools from cloud providers to run our marketing. Whether it’s an email tool, social media publishing tools, a CRM or automation tool. It’s easy to add users but when it comes to updating user rights and removing users we can get forgetful.

Head into your third party tools now and update each user to the just the level of access he or she needs and remove anyone who doesn’t need access.

Under the GDPR you need to show who has had access to data. Only those who need access should have it. Limiting this, limits the chance of a data breach.

2. Password protect your phone

It’s simple just to grab your phone, swipe and access all your apps, including your work email from your smartphone when you are on the go.

Your IT team might have additional security advice here. At the very least, ensure you have a pin or password in place to open your phone. If you are the type of person who easily misplaces their phone, get into the habit of logging out of work email and work related apps that process data.

In case of a data breach such as the loss of a work phone, you need to show reasonable measures taken to keep the data secure. The ability to logout of apps remotely is helpful as well as adding passwords and getting into good security habits like logging out is important to demonstrate in case of a breach.

3. Limit downloading lists

If you are an Excel lover this will be difficult. What we are talking about here is exporting data from a secure cloud environment onto a hard drive (aka your desktop) to work with the data.

Sometimes this can’t be avoided, but please ensure that you remove the data fully when you are done and that you have a secure desktop environment working with encryption and passwords. Again, your IT team will help make sure you are secure.

The GDPR covers how respectful we are of data. This includes how it is stored and for how long. Check your hard drive now and I’m pretty sure you’ll find some old lists or even CVs/applications on there that you had completely forgotten about. Try to work within your cloud tool to segment and work with your lists.

4. Stop emailing lists

Email may be relatively secure but it’s far from being Fort Knox! There is the fear of hacking but also human error (ever sent an email to John in Company A when you actually wanted to email John in Company B?). From a technical perspective, keep in mind that an email doesn’t travel from sender to recipient directly. It travels across multiple networks and servers before reaching its destination.

This is not a secure environment for data. Instead of emailing, consider secure cloud sharing or again speak to your IT team about how you can take basic encryption features (you should be using these today anyway) to a more secure level.

Sharing data is allowed under the GDPR if the data subject has consented to this. It’s not here to stop us from sharing, all the GDPR is asking for is that we do it in a secure fashion.

Change hats

To many marketers the GDPR is still a big pain in the backside that spells out lots of work and fear of fines. And it’s true, getting compliant will be a lot of work and while it’s doable, it’s complex to say the least. Here’s the thing that I ask all our clients in the compliance process to do:

Take off your marketing hat and put on your consumer hat. If it was your data processed in this way, how would you feel?

Often, the response to GDPR changes following this question. Keep asking yourself this and you’ll see that the GDPR is not only necessary to protect us as individuals but will also make us better marketers in the long run.


Topics: GDPR

Evelyn Wolf

Written by Evelyn Wolf

Inbound strategy specialist and content creator. She will turn your web presence into a magnet and always has wind in her sails.