Don’t Make Data Security The Weak Link In Your Supply Chain
With the EU’s General Data Protection Regulation (GDPR) legislation now in force, businesses of all sizes have been looking closely at how they manage customer data to ensure they comply with the new rules.
But no matter how rigorous your own security processes are, a weak link elsewhere in the supply chain could pose a significant threat to your business. In a world where IT infrastructure is more sophisticated than ever, and hackers could target any organisation, we are acutely aware that a data breach is unlikely to be contained within one business.
The penalties for contravening the GDPR are clear – but questions have arisen about who is responsible for data held by third parties, and what happens if fraudsters steal it.
Whether you use a third-party company for marketing, HR, data analysis or any other activity, you need to be confident that their systems align with the GDPR requirements.
Our research found that, while 43% of large businesses review the policies and procedures of third-party suppliers at least once a year, just 20% of small to medium-sized businesses do the same*. Often, this is due to smaller budgets and limited resources, yet a security breach could have far-reaching consequences, potentially affecting their ability to trade and leaving their relationships and future reputation at risk.
Although you can never eliminate the risks entirely, it’s possible to reduce them by taking a ‘big picture’ view of your supplier network, and holding each partner accountable. However, our investigations show some companies have a long way to go, with a quarter of those surveyed saying they were unsure whether their suppliers could notify them within 72 hours of a breach.
The GDPR might be uncharted territory for some organisations, and the complex language and prospect of enormous fines have no doubt left many small business owners feeling anxious. However, with the threat of a cyber-attack always looming, adopting an ‘at risk’ mindset is critical for your current and future success.
It’s never been more important to exercise due diligence when working with suppliers, which means taking the time to carry out thorough background checks, verify their security procedures and ensure their data is cleansed regularly and checked for quality.
Of course, it’s also essential that you have a fully documented plan in place should a breach occur. Even if you’re still trying to make sense of the GDPR, the usual business rules still apply: make your customers a priority and, if their details are compromised, be open. Assess your situation and plan how you will communicate with those who have been affected and how you will support them. It certainly pays to have a pre-prepared communications template ready – and you should check that your suppliers are doing the same.
As supply chains become more complex and extensive, often stretching across the world, businesses cannot rely on tick-box exercises to safeguard their customer data. Instead, they must share the same attitude to risk and follow the correct protocol at every step.