Five-point Checklist On Potential GDPR Breaches You May Have Missed

Jun 8, 2018

Assuming that you have already spent hours (or days) preparing your business to be GDPR compliant, you will have realised that compliance is an ongoing process. With that in mind, here is a five-point checklist of less obvious ways personal data leaks in day-to-day work, so that you don't fall into any of the hidden pitfalls.

1. Are you sending secure emails?

One of the GDPR principles is that personal data (what other frameworks call PII, personally identifiable information) must be protected with appropriate security measures, and email is one of the most common ways it is sent. If your business is using an email hosting provider (for example, if your email address is then you may want to make sure the mailbox is protected against a data leak. Ordinary hosted email is not encrypted end to end: a message is typically protected by TLS only hop by hop between mail servers, and it sits in plaintext in the sender's and recipient's mailboxes. That means the provider, anyone who gains access to either mailbox, and anyone who intercepts a hop that falls back to an unencrypted connection can read the message exactly as you sent it, attachments included. The good news is that most hosting providers let you harden the mailbox: enforce TLS for sending and receiving, turn on two-factor authentication for the account, and, where the provider supports it, use S/MIME or PGP so that the content itself is encrypted and only the intended recipient can open it. Check what your provider offers and switch it on.

2. Sending an email to the wrong recipient

Although it sounds like a rare incident, sending an email to the wrong recipient happens relatively often and may lead to a data leak. Double-checking the address before sending may not be enough if you are sending sensitive data. In that case, best practice is to attach the data as a password-protected file and share the password with the recipient through a different channel (for example, a phone call or WhatsApp), never in the same email or in a follow-up email to the same address, since a mistyped address will receive both. This way, if the email reaches the wrong person, the data you sent remains protected. One caveat: not all "password protection" is equal. Legacy ZIP encryption (ZipCrypto) and older Office and PDF encryption schemes are weak and can be cracked offline; use a format that applies AES-based encryption (for example 7-Zip with AES-256, or current versions of Office and Acrobat) and a strong, random password.

3. Using file sharing services without passwords

Dropbox comes in handy when you need to share large files, but sharing sensitive personal data needs extra care. On many occasions, people share an unrestricted "anyone with the link" URL with a group of recipients, believing it will not travel any further. In reality, such a link is a bearer credential: anyone who forwards it, finds it in browser history, or reads it from a proxy log or a recipient's mailbox gets the file, and if a third party obtains it you may end up being accountable for a data breach. To prevent that, restrict access to named recipients rather than anyone with the link, add a password and an expiry date to the link where your plan supports it, and remove the file from the share once it has been successfully received.

4. Using weak passwords

A password-protected file is only as strong as its password, so poor password practices can still expose your business to a data leak. Length and unpredictability matter more than the mix of character classes: a long, randomly generated password is far harder to guess than a short one that merely contains an upper-case letter, a digit and a special character, and a composition rule alone does not stop weak choices such as Password1!. Use a different password for every file and service you share, and never reuse a password that also protects one of your own accounts, because the recipient (and anyone who intercepts it) now knows it. If you are having trouble remembering long, random passwords, use a password manager such as 1Password or LastPass, which can generate and store them for you.
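The procedure behind points 2 and 4, as an added example that is not part of the original article: generate a random password with the operating system's CSPRNG, derive a key from it with PBKDF2-HMAC-SHA256 and a fresh salt, and encrypt the attachment with AES-256-GCM so that tampering is detected as well. The password is the only secret that leaves the program; the salt, nonce and ciphertext travel with the file. The character set, the 600,000-iteration work factor (OWASP's current figure for PBKDF2-HMAC-SHA256) and the sample CSV are assumptions chosen for this example, and PBKDF2 is implemented by hand because the Go standard library did not ship it before Go 1.24.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
)

const (
	saltLen    = 16
	nonceLen   = 12     // AES-GCM standard nonce size
	keyLen     = 32     // AES-256
	iterations = 600000 // assumption: OWASP guidance for PBKDF2-HMAC-SHA256
	// Assumption: character set for generated passwords (72 symbols).
	alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$%&*+-=?@^_"
)

// NewPassphrase draws n characters uniformly from alphabet using crypto/rand.
// 20 characters from 72 symbols is about 123 bits of entropy, which is what
// makes the password strong; the presence of each character class does not.
func NewPassphrase(n int) (string, error) {
	out := make([]byte, n)
	limit := big.NewInt(int64(len(alphabet)))
	for i := range out {
		idx, err := rand.Int(rand.Reader, limit) // unbiased, unlike byte % len
		if err != nil {
			return "", err
		}
		out[i] = alphabet[idx.Int64()]
	}
	return string(out), nil
}

// PBKDF2SHA256 is PBKDF2 with HMAC-SHA256 as in RFC 8018, written out here so
// the example depends only on the standard library.
func PBKDF2SHA256(password, salt []byte, iter, dkLen int) []byte {
	prf := hmac.New(sha256.New, password)
	var dk []byte
	blockIdx := make([]byte, 4)
	for block := 1; len(dk) < dkLen; block++ {
		binary.BigEndian.PutUint32(blockIdx, uint32(block))
		prf.Reset()
		prf.Write(salt)
		prf.Write(blockIdx)
		u := prf.Sum(nil)             // U_1 = PRF(P, S || INT(i))
		t := append([]byte(nil), u...) // T_i starts as U_1
		for i := 1; i < iter; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil) // U_j = PRF(P, U_{j-1})
			for k := range t {
				t[k] ^= u[k] // T_i = U_1 xor U_2 xor ... xor U_c
			}
		}
		dk = append(dk, t...)
	}
	return dk[:dkLen]
}

func newAEAD(passphrase string, salt []byte) (cipher.AEAD, error) {
	key := PBKDF2SHA256([]byte(passphrase), salt, iterations, keyLen)
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt returns salt || nonce || ciphertext || GCM tag. Everything the
// recipient needs except the passphrase is inside the attachment itself.
func Encrypt(plaintext []byte, passphrase string) ([]byte, error) {
	salt := make([]byte, saltLen)
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	aead, err := newAEAD(passphrase, salt)
	if err != nil {
		return nil, err
	}
	header := append(append([]byte{}, salt...), nonce...)
	return aead.Seal(header, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt. A wrong passphrase or a modified file both fail
// the GCM tag check, so the recipient never sees garbage plaintext.
func Decrypt(blob []byte, passphrase string) ([]byte, error) {
	if len(blob) < saltLen+nonceLen {
		return nil, errors.New("attachment too short to contain salt and nonce")
	}
	salt, nonce, ct := blob[:saltLen], blob[saltLen:saltLen+nonceLen], blob[saltLen+nonceLen:]
	aead, err := newAEAD(passphrase, salt)
	if err != nil {
		return nil, err
	}
	pt, err := aead.Open(nil, nonce, ct, nil)
	if err != nil {
		return nil, errors.New("wrong passphrase or tampered attachment")
	}
	return pt, nil
}

func main() {
	pass, err := NewPassphrase(20)
	if err != nil {
		panic(err)
	}
	// Constructed sample standing in for a real attachment with personal data.
	doc := []byte("name,email\nA. Example,a.example@example.org\n")
	blob, err := Encrypt(doc, pass)
	if err != nil {
		panic(err)
	}
	fmt.Printf("send by phone, not by email: %s\n", pass)
	fmt.Printf("attach %d bytes (salt+nonce+ciphertext+tag)\n", len(blob))
	if _, err := Decrypt(blob, pass+"x"); err != nil {
		fmt.Println("wrong passphrase:", err)
	}
	pt, _ := Decrypt(blob, pass)
	fmt.Printf("recipient recovers %d bytes\n", len(pt))
}
```

If the email goes to the wrong address, the recipient holds only the salt, nonce and ciphertext; with a 123-bit random password, brute force through 600,000 PBKDF2 iterations per guess is not feasible, which is exactly the margin a short human-chosen password would not give.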

5. Using insecure online collaboration services for storing sensitive data

Online collaboration services like Google Sheets or Google Docs are an undoubtedly convenient way to collaborate online. However, they also have their downsides. Be careful when setting the access rules, i.e. who can view, comment, edit, share and download, to make sure the file doesn't get into the wrong hands: for files containing personal data, grant access to named accounts rather than to "anyone with the link", and review the sharing list when people leave the project. Note that Google Docs has no separate password for an individual document; access rests entirely on the sharing settings and on the security of each collaborator's account, so two-factor authentication on those accounts is part of protecting the file. If you need controls your tool cannot express, consider a tool that offers them (the original suggestion is Office 365), keeping in mind that how securely any of these services holds your data depends on how its sharing and account controls are configured rather than on the brand.