GDPR on Holiday
Switch on Data Protection

Don’t leave your data protection hat at home!

How keeping on top of the GDPR can help improve your holiday…

Ahhhh! Who doesn’t love the chance to get away, switch off and tune out?!

Besides, work will still be there when you get back and you can always play catch-up when you return…

If only that were true of your data protection responsibilities though – because the GDPR never goes on leave! What’s more, no one wants to return to a crisis!

So, spending a bit of extra time getting everything in order before you go and being careful when you’re away can make a huge difference to you being able to relax properly.

Here are some tips and pointers on how to get some GDPR-peace-of-mind during your holidays…

1. Don’t let a breach ruin the beach!

No matter how well-prepared a business may be, a data breach always remains a possibility; and, to minimise the risks against this happening, most companies will have carried out a DPIA (Data Protection Impact Assessment)

Just as important, though, is having a contingency plan in place should the proverbial hit the fan. It means that, despite you being thousands of miles away and powerless to help in person, those back at head office should know exactly what they need to do. Then, safe in the knowledge that they’re coping okay with the fallout, you won’t have to resort to sticking your head in the sand…

2. Subject Access Requests don’t take holidays either…

In the same way that the GDPR never takes time off, nor do Subject Access Requests (SARs). In fact, they’re extremely time-sensitive – giving you just a month to not only acknowledge the request but also get back to the individual with details of all the personal data you hold on them.

So, make sure that you’re not the only person in the business who knows how to handle them (or how to recognise one – because a received SAR may not even use the words ‘Subject Access Request’). Having as many people as possible trained in dealing with SARs should mean that you’ll have plenty of staff available to cover any that come in during the holiday period, and won’t have you fretting that after your 14-day break, you only have less than a month to respond!

3. Even DPOs are allowed OOOs…

In an ideal GDPR world, every business would have its own Data Protection Officer (DPO). Unfortunately, not every business can warrant the luxury of having someone specifically designated to deal with all things data protection.

If you do, though, remember that they need to take leave too. So, when someone receives their Out of Office reply (see, that was the OOO!), it should contain all the contact details of the go-to person deputising in their absence. Even if you don’t have a DPO, it’s still worth having someone you can rely on to take care of things and hold the data protection fort whilst you’re away.

4. Public Wi-Fi is a hacker’s dream!

There’s a reason it’s called ‘public’ and not ‘private Wi-Fi’. And because anyone can access it, it tends not to be too secure – especially in airports, hotels and coffee shops. It’s why hackers love it and, in extreme cases, go to the trouble of creating a Wi-Fi network that isn’t even authentic! (Apparently, when logging on to the Wi-Fi network at Dubai International Airport, you need to provide your passport information – which isn’t great if it’s been compromised!)

So, when you’re using your phone, tablet or laptop in those places (laptop on holiday? Really?!), consider using your data instead of connecting to the public Wi-Fi. You could be saving yourself from a world of bother, particularly if you have work stuff and customer info on there…

5. Work mobiles and holidays don’t usually mix.

As well as not getting shouted at by your holiday companion, leaving your work phone at home means you’ve more chance of switching off from work for a week or two.

It also means that you’re not potentially putting your customer data (and all your other contacts) unnecessarily at risk. Because of increased security measures, Customs and Border Control agencies can now insist that you unlock and hand over your phone for inspection, and then make a copy of anything and everything that’s on there. Even though you’ve nothing to hide, you’ve now relinquished information that you’d (hopefully) committed to protect under the GDPR. Moreover, what then happens to that information and who else it’s shared with is now out of your control; and the more places your data ends up, the more vulnerable it becomes…

Get in touch anytime – we’re here to help!

We probably shouldn’t admit this, but when we get to enjoy a hard-earned break, we still think about data protection.

Yet being mindful of online security and staying on top of your GDPR responsibilities when you’re away doesn’t have to mean you can’t unwind.

If anything, it means you can enjoy the sun, sea, sangria and se….clusion even more – which has got to be better than the worry of things going pear-shaped and the potential for stress, strain and silent screams of “Ohhhhh sh*t!” 😯

Until next time...