GDPR Blog 03: What are the business risks associated with poor security?

November 16th, 2017 3:51pm | Call Recording, Data Protection, GDPR

GDPR is a big subject that mainstream businesses across Europe, including the UK, are just starting to see on the radar, despite the fact that it was announced in May 2016. Firms now have less than a year to get their houses in order and become compliant with the directive.

Businesses and organisations have come to rely increasingly on technology to transact business, with the result that digital security has become a significant concern even for small, one-location businesses.

Security is a word frequently heard today in the media. It is a topic rapidly rising up the corporate ladder of importance and at the forefront of boardroom conversations.

Technology trends such as the increased use of personal devices at work (BYOD - Bring Your Own Device) and the rapid adoption of cloud-based application deployment, where company data is no longer held on the company's own premises, are exacerbating the problems of security and introducing new risks that have to be managed.

With these changes comes the need for identity and access management, which is increasingly important as people move between these devices and access locations. Many of us now have up to five devices and 300 identities across various social media and shopping portals. Not only are passwords now a nightmare to remember and keep secure; as a result, businesses are also at risk from information being shared across an indefinite number of devices and networks.

Failures in security can cause major harm to a business in terms of reputational damage, loss of competitive advantage and fines for non-compliance with regulatory laws.

Examples of high-profile ‘data breaches’ – a phrase that sounds fairly benign but in reality masks a breakdown in company security practice – are now increasingly common.

Many will remember the record £400,000 fine handed down to TalkTalk for security failings that led to the theft of personal data of almost 157,000 customers. Handing down the fine, the Information Commissioner's Office (ICO) said the attack could have been prevented if TalkTalk had taken basic steps to protect customers’ information. All TalkTalk needed to have done was to ensure their data was encrypted.

The value of the fine was insignificant for a company of TalkTalk’s stature, but their losses did not stop there.

At the time of the data loss TalkTalk shares stood at 317p. They quickly dropped to around 240p and, following the announcement of the fine, dropped again to 154p. A complete loss of confidence in the company caused a 50% loss in its value, saw an exodus of customers to competitors and the departure of their CEO. In comparison the fine was paltry.

The forthcoming new GDPR regulations concerning data security and management add a further dimension to these types of losses in that the fines for non-compliance are huge – up to 4% of global turnover. If that same TalkTalk ‘data breach’ were to occur after May 2018, when the GDPR comes into force, the fine alone on the company could be up to £75 million.

Many companies are still literally paying lip service to their data security liabilities while others are just plainly ignoring the regulation – figuring it can’t apply or happen to them.

That could work out to be a very expensive strategy.

How can Oak Innovation help?

Ability to remove recordings for a specific customer phone number

The ability to remove specific customer records is crucial to compliance. Under GDPR regulations, a data subject has the right to have their personal data rectified or forgotten. Oak makes it easy to find and remove specific records.

Secure recordings

All calls recorded on an Oak system are encrypted so they cannot be tampered with. Businesses are better protected from abuse and in case of customer disagreements. Stereo playback ensures perfect clarity as required by legal firms.

Store recordings for as long as you need

Oak systems can store a huge volume of recordings. Calls can be found using a wide range of criteria, for example, date, time, extension, CLI, DDI, telephone number, user-defined flags or even customer reference if linked to a CRM system.