Wasn’t GDPR just a one-off event? We’re sorted, aren’t we?
Why should I care? Are you going to get caught out or punished for not having these things in place? My response to that question is always consistent. You possibly won’t. If you haven’t done these things and nothing ever goes wrong, you’ll almost certainly be fine.
However, is that the right and ethical approach for those you hold the data of, or the best practice for your organisation in the event of an incident? No. My recommendation is to continue working through your GDPR to-do list, even if that means dusting it off from the bottom of that drawer it’s been placed in.
From a business protection point of view, think Health & Safety. It’s highly unlikely you’ll ever have a fire on your premises, or have someone slip on a pool of water and break a leg, but you don’t have open flames in your workplace or leave spills, do you? Just in case. You’ll probably have a fire blanket in the kitchen, fire extinguishers on the wall and a yellow hazard sign ready and waiting to put up in the event of a spill. Your electrical items will be tested once a year. There will be fire escape routes well signed and communicated. Just. In. Case.
I find a Diamond Ring analogy gets the most understanding. Customers, connections and staff are giving you information that is valuable to them, and would be valuable to others. They don’t want it to be stolen, damaged, given away/sold or lost. Would you leave their Diamond ring out on a desk whilst you go for lunch or leave it on the printer? Would you shove it in a drawer overnight when a perfectly good lockable secure unit was available? Would you trust it to a brand new employee you’ve just employed if they hadn’t been trained in how to look after it?
Think about how you handle your paperwork, your laptop, your HubSpot passwords and consider whether you are securing them like you would a diamond ring. Treat other people’s data like you’d expect your own to be treated and you won’t go far