GDPR - anyone working in this area?
Discussion
yajeed said:
Did you really just say ‘get cyber essentials to reduce risk’?
That’s like telling an F1 team to check their tyres for nails before qualifying.
I'm guessing that if you put Cyber Essentials or Cyber Essentials Plus in front of many SMBs it would come as a hell of a shock.
It shows you're taking security seriously by ensuring you're doing the basics right and if you're not doing the basics right, doing them right will reduce risk.
bhstewie said:
I'm guessing that if you put Cyber Essentials or Cyber Essentials Plus in front of many SMBs it would come as a hell of a shock.
It shows you're taking security seriously by ensuring you're doing the basics right and if you're not doing the basics right, doing them right will reduce risk.
Well, it shows you've done something, which is better than doing nothing.
Maybe I'm out of touch with the lack of effort small companies apply to cyber security. I appreciate everyone can't spend tens of millions every year, but given the fact that never a week goes by without a compromise making the mainstream news, I'm surprised people don't do the basics; CSE sets the bar very, very low.
yajeed said:
Well, it shows you've done something, which is better than doing nothing.
Maybe I'm out of touch with the lack of effort small companies apply to cyber security. I appreciate everyone can't spend tens of millions every year, but given the fact that never a week goes by without a compromise making the mainstream news, I'm surprised people don't do the basics; CSE sets the bar very, very low.
I would guess that if you speak to many SMBs they have a ton of issues such as:
- Password policy
- Admin rights
- Patching
- No policies around encryption (USB in particular)
Hoofy said:
Thinking about the current data I have for marketing to people.
Is it enough to email them (mailchimp) and ask them to review their subscription to confirm that it's ok to contact them still?
What if they don't check their email or my email goes into spam?
I'm seeing a lot more emails from companies saying "Click to confirm we're OK to still contact you after GDPR".
If they don't check their email or it goes into spam, take it that it's not OK to contact them any more.
bhstewie said:
Hoofy said:
Thinking about the current data I have for marketing to people.
Is it enough to email them (mailchimp) and ask them to review their subscription to confirm that it's ok to contact them still?
What if they don't check their email or my email goes into spam?
I'm seeing a lot more emails from companies saying "Click to confirm we're OK to still contact you after GDPR".
If they don't check their email or it goes into spam, take it that it's not OK to contact them any more.
You're left with data where people have unsubscribed plus a load of subscribers who are happy to continue or haven't read the email.
Hoofy said:
Thought so. How do you manage that in mailchimp, then?
You're left with data where people have unsubscribed plus a load of subscribers who are happy to continue or haven't read the email.
There is already a big push to "confirmed opt in" which means that unless you have, as the name suggests, confirmed that you want to receive emails, you don't get them.
So if you haven't read the email you can't have opted in so you don't get any more emails.
I don't use MailChimp personally but it looks like you can do a re-confirmation here https://kb.mailchimp.com/lists/manage-contacts/rec... (test first)
DELETED: Comment made by a member who's account has been deleted.
Thanks, that's good to know. The "sub-processors" bit is interesting - I'm not convinced we process data at all in any meaningful way. We don't do any organised marketing, for example. The data we hold is just for opportunity management.
Sheepshanks said:
So what would you suggest an SME should do regarding cyber security?
Speaking personally I'd focus on three things as a minimum:
- Management buy-in that cyber security is not seen as "an IT issue" rather a business issue
- Put in a program of staff training and awareness
- Use frameworks such as Cyber Essentials to help ensure you're doing the basics properly
bhstewie said:
Hoofy said:
Thought so. How do you manage that in mailchimp, then?
You're left with data where people have unsubscribed plus a load of subscribers who are happy to continue or haven't read the email.
There is already a big push to "confirmed opt in" which means that unless you have, as the name suggests, confirmed that you want to receive emails, you don't get them.
So if you haven't read the email you can't have opted in so you don't get any more emails.
I don't use MailChimp personally but it looks like you can do a re-confirmation here https://kb.mailchimp.com/lists/manage-contacts/rec... (test first)
I am sure to lose about 80% of my mailing list. Thankfully it is only a small one!
Hoofy said:
Thanks. That's a lot of faff but essentially what I was thinking - emailing out a new form on my website.
I am sure to lose about 80% of my mailing list. Thankfully it is only a small one!
Where did those addresses come from though?
If they're people who've purchased from you that's entirely different to a random list of names you've scraped from LinkedIn or paid for.
DELETED: Comment made by a member who's account has been deleted.
You’ve also resorted to name calling in a couple of posts, which probably means this is unlikely to be a great debate.
Whether I’m an ass, or you’re pretending to be something you’re not, seems we’re unlikely to agree.
Do carry on spreading the good word and I’ll expect to see that 80% reduction of intrusions you’re orchestrating...
Hoofy said:
I am sure to lose about 80% of my mailing list.
DELETED: Comment made by a member who's account has been deleted.
bhstewie said:
Hoofy said:
Thanks. That's a lot of faff but essentially what I was thinking - emailing out a new form on my website.
I am sure to lose about 80% of my mailing list. Thankfully it is only a small one!
Where did those addresses come from though?
If they're people who've purchased from you that's entirely different to a random list of names you've scraped from LinkedIn or paid for.
Hoofy said:
The list I'm most concerned about is people who've attended workshops I've run in the last 12 months so B2C. Generally, people have unsubscribed post-contact at the time.
DELETED: Comment made by a member who's account has been deleted.
I'm going to create a form and ask people to fill it in. Moving forward, that will be the list I work with.
ICANN (.com domain name register) is going to miss the deadline for GDPR by a year. Could be the first organization to see a big fine?
plasticpig said:
ICANN (.com domain name register) is going to miss the deadline for GDPR by a year. Could be the first organization to see a big fine?
Won't they simply remove all the PII data from public view?
I am interested to see Companies House response to the regulations.
CzechItOut said:
Won't they simply remove all the PII data from public view?
I am interested to see Companies House response to the regulations.
Companies House aim to be GDPR compliant. They do however have a statutory duty to publish some information on directors. Directors can provide a service address; they don't have to provide a home address.