Rise of data security concerns
The recent prosecution of a motor trade employee who stole data from his employer underlines the fact that data security is a growing concern for all businesses.
But although individuals can be prosecuted for deliberately stealing customers' data, repairers shouldn't be fooled into thinking their business will be absolved of any responsibility in such circumstances.
If the ICO determine processes and procedures were not put in place to reduce the risk of data breaches and actions of rogue employees, businesses could still face a hefty fine under GDPR.
Stolen customer data can lead to nuisance sales calls at one end of the scale, all the way to identity fraud and compromised bank accounts at the other, so the fall out can be significant, damaging trust and brand reputation. So what can garages do to avoid the risks of a data breach?
Mark Kelland, commercial manager of Dragon2000, explained, 'It's important to ensure that all staff and subsequent new employees are educated on the seriousness of data protection. Garages should explain their business policies and procedures, which many will have defined in complying with GDPR, which they must adhere to.
'Employment contracts should also be updated to ensure they make clear what is expected of employees regarding data protection. Their agreement to it will make taking action easier, should they breach the rules, and it also shows that measures have been put in place to help to prevent misuse of customer data. It is worth reminding employees that they can be prosecuted as an individual if they deliberately obtain personal data without permission and face fines, or even a prison term.
'Garages can reduce the risk of data theft by making sure all employees have their own individual logins for any of systems containing personal customer data. Change passwords immediately if it is suspected they have been compromised and only give personalised employee login permissions for system areas and data that is required for them to perform their role. Staff also need to be warned not to share login credentials with their colleagues – this will avoid accountability issues and potential misuse.
'Finally, revoke system logins for ex-employees upon them leaving and do not leave them live for someone else to use. If garages follow these simple procedures, they will significantly reduce the risk of data theft and avert the commercial and financial impact of a breach.'