Employee data: Everything you need to know about GDPR, Data Security and Privacy

By Rachel Lim on July 1, 2019


Data security and data privacy have separate definitions, but they both help prevent data leakage and exposure. Data security refers to the development of strategies, technology or systems which aim to protect personal information from hackers and cybercriminals. 

Data privacy refers to the extent of which you give consent or allow an external party or organisation to have access and use your personal data.

Why is this important?

Our increasing reliance on technology means that a good proportion of our data will be stored online. This means that anyone could track and find out a lot of information about you just from your social media presence. Further, 41% of organisation have files containing sensitive information like health records or bank account numbers, which means it’s extremely likely that there’s at least one organisation with access to your personal information or data.

You may not even be aware of how many organisations have access to your data. Think about it this way: your bank and all the bank accounts you have received or placed a transaction to probably knows your account information, all social media platforms know who you are friends with and what your interests are. And, these organisations plus any other company you have signed up or been associated knows your name, email, phone number and maybe even your house address.

If we are not careful, this information can be stolen and misused, which makes you vulnerable to identity and monetary theft, hacking and much more.

Why has this become relevant only now?

The exposure of personal information and sensitive, data and the violation of privacy has affected millions of people and organisations worldwide and at a number of instanced. According to Computer Business Review, there were 945 data breaches in the first six months of 2018, which resulted in a massive 4.5 Billion data records exposed or stolen from big companies like Adidas and Google.

Further, according to Digital Guardian, the number of data breaches has more than doubled from 2014 to 2017. With the increasing number of incidents, the issue of data security has become more pertinent. With hackers and cybercriminals getting smarter, it’s becomes even more important that we develop our systems and technology so we can protect ourselves.

How exactly does security breaches or cyber attacks affect me?

Ensuring your data and information is safe is extremely important for a variety of reasons. Here are some dangers that can result from data breaches:


  1. Identity Theft: the loss of valuable information, such as your name, identification number and passport information, can result in identity theft, which is when another person takes and uses your identity as their own.
  2. Money Loss: there are many ways this can happen. Perhaps your bank account details have been stolen, which means that someone could easily use your credit card. Organisations are commonly victims of ransoms, where a hacker has stolen valuable information and has blocked the organisation’s access to it. In order to access it, the organisation often has to pay a ridiculous amount to retrieve the information back.
  3. Stalking and Tracking: being careless with the information in your social media accounts can make it easy to stalk and track you. Needless to say, this is dangerous for you and your loved ones. In extreme cases, stalking can lead to harassment and direct harm.

What should organisations do for Data Security and Privacy?

An organisation has an equally, if not more, important role in ensuring that their employees and customers’ private information stays private. There are a couple of ways to do this:

  1. Prioritise improving data security and privacy: Many cyber attacks and data breaches are due to negligence on the organisation’s end. Prevent this by getting a team of experts to work on data security, ensuring that your company meets international data security standards such as GDPR and making your privacy and confidentiality policies strict and explicit. Making it a priority will ensure your company takes threats of hacking and cyber attacks seriously.
  2. Ensure all employees are aware of data security practices: There is no use setting strict privacy and security policies if your employees themselves don’t understand the importance of keeping data secure. It is important to train all employees to follow strict procedures to prevent leakage.
  3. Make customers aware of their rights over data and information: Just like your employees, your customers should also be aware of the importance of data security. Your organisation should also ensure that your customers are aware of their data security rights, such as the right to withhold and control the extent of the information you hold about them. For more information, head here.
  4. Manage your computer network and security system: Ensure that your company uses appropriate and reliable sources to block malicious attempts and protect their records and sensitive files. This does not only apply to tech and software companies, but any organisation which utilises any software or digital platforms to store and use information. Some methods to consider is encrypting the data, using firewalls and setting up an appropriate system to update and keep passwords.
  5. Test your system: Get your data security team to conduct tests to validate how strong your security system is. You can do this by simulating an external attack and testing to see if your system blocks it effectively.

What can you do to protect your data?

As an individual, there are some ways you can protect your data and reduce the chances of hacking.

  1. Don’t give out personal information over the phone or text: You may have noticed that many communication platforms like Facebook Messenger and WhatsApp encrypt their message, which basically means everything you type or say is recorded, and worse, can be tracked. Therefore, it’s best not to reveal anything too sensitive.
  2. Don’t use outside wifi for sensitive activities: For instance, don’t book a flight or make a bank transaction using public wifi, or while you are sitting at a cafe. Not only does it increase your chances or revealing your personal information to passerby strangers, you never know if the wifi you’re using is secure or if it can be easily hacked.
  3. Use strong passwords: Many people use the same, simple password for multiple accounts, which makes it easier for hackers and cybercriminals to gain access to several of an individual’s accounts.
  4. Update your passwords frequently: if you don’t update or change your password frequently, you may want to consider doing so, as to help attacks with malicious intent. If you struggle with this, perhaps you want to consider using a password management tool which can prevent you from accidentally revealing your password in a public place, or from forgetting it.
  5. Be aware of ‘red flags’: Be on constant alert for any signs of a virus or any attempt to hack your data and get your personal information. These include not clicking weird pop ups from unfamiliar sources, using some form of ad and virus blocker, and immediately deleting or reporting email attachments from suspicious looking sources.

The bottom line is: data security and privacy is an important consideration regardless if you are an individual or an organisation. Cyberattacks and data breaches places many victims in danger. Luckily, there are many ways to help bring awareness of data security, and to prevent severe malicious attacks. It’s better to be aware now before it’s too late.

Read more

EngageRocket GDPR Data Privacy



Tags: Data, Strategy

Related Articles