David Woods

+44 (0)1733 887793 dvwoods@greenwoodsgrm.co.uk

View full profile →

GDPR – new law but the same weakest link

Corporate and Commercial / 16 April 2019

One of the key principles of the GDPR is the need to keep personal data secure.  Most organisations have implemented new or enhanced technical solutions over the last couple of years with a view to meeting these obligations.

The weakest link though is not the technology.  It’s not even the threat posed by hackers, phishers or scammers.  It’s “people”.

They are the ones who are prone to leave laptops on the train, or to plug memory sticks into their computers without virus checking them, or to click on attachments to rogue emails.

And to put lists of email addresses in the “To” or “cc” fields rather than in the “bcc” field when sending an email to a list of recipients. The Government has suffered the embarrassment of this particular human error not once but twice in the spring of 2019.

First the government has made an unreserved apology for disclosing the email addresses of some 500 members of the Windrush generation when emailing them using a list of email addresses.  Then the Home Office in the same way revealed the personal email addresses of 240 EU citizens who were involved in the process of seeking settled status in the UK in the context of Brexit; they blamed it on human error.

Organisations need to continue to train their people and to remind them of the importance of keeping personal data secure. Compliance with GDPR is an ongoing requirement.

Back to Our Thinking →

Get in touch with us

Interested in finding out more? Use this form to let us know how to contact you and what you’d like to know, and we’ll get back to you.

Alternatively, contact anyone listed on our website direct, they will be happy to hear from you.

  • This field is for validation purposes and should be left unchanged.