GDPR – new law but the same weakest link
One of the key principles of the GDPR is the need to keep personal data secure. Most organisations have implemented new or enhanced technical solutions over the last couple of years with a view to meeting these obligations.
The weakest link, though, is not the technology. It’s not even the threat posed by hackers, phishers or scammers. It’s “people”.
They are the ones who are prone to leave laptops on the train, or to plug memory sticks into their computers without virus checking them, or to click on attachments to rogue emails.
And to put lists of email addresses in the “To” or “cc” fields rather than in the “bcc” field when sending an email to a list of recipients. The Government suffered the embarrassment of this particular human error not once but twice in the spring of 2019.
First, the Government made an unreserved apology for disclosing the email addresses of some 500 members of the Windrush generation when emailing them using a list of email addresses. Then the Home Office, in the same way, revealed the personal email addresses of 240 EU citizens who were involved in the process of seeking settled status in the UK in the context of Brexit; it blamed this on human error.
Organisations need to continue to train their people and to remind them of the importance of keeping personal data secure. Compliance with GDPR is an ongoing requirement.