Published 29th of November 2017

As reported by the Guardian, Uber is the latest in a series of high profile companies to suffer from hacking and other forms of data protection concerns this year.

Uber’s case is even worse thanks to their attempt to cover up the hack, which has only now been exposed despite its occurrence in October 2016. According to James Dipple-Johnstone, speaking to the Guardian from the UK’s information commissioner’s office, “Uber’s announcement about a concealed data breach last October raises huge concerns around its data protection policies and ethics.”

Dipple-Johnstone’s comment should be a wake up call for businesses across the UK. Uber might be a multi-billion dollar business giant with a huge target on its back, but the warning about data protection policies is timely and should be heeded by businesses of all shapes and sizes here in the UK.

GDPR is just 181 days away at the time of publishing - around 6 months - and businesses that don’t have a clear policy on data protection are at risk of incurring sanctions that could be much more severe than those in our current system

While Uber’s case focused on digital information accessible to online hackers, GDPR’s reach stretches to offline data as well. The customer data you have stored in filing cabinets or locked cupboards is vulnerable and subject to the new European regulations.

If that data is lost, stolen or misused, your business will have to answer for it. However, steps can be taken to reduce the likelihood of this happening. The first thing to do is start working on a data protection policy immediately.

It is important that everyone in the company knows the processes for obtaining data (especially regarding consent, which is a cause for concern in Uber’s case), where and how to store it, and how to dispose of it when it’s no longer required.

This last point is especially important. The right to be forgotten is a crucial aspect of GDPR and an important defence against the kind of breaches suffered by the likes of Uber. Shredding and digitising (scanning) the documents you no longer need to keep in physical form adds a layer of protection against theft and loss that physical office storage can’t offer. Our recent blog post explores different ways to deal with sensitive documents.

With GDPR on the horizon and high profile data breach cases like Uber’s in the news, it’s essential that UK businesses don’t lose sight of the importance of data security. The new sanctions are proportional to revenue, so any business found to be breaching the regulations could be hit hard, regardless of how large or small they are.

If you’re concerned about your business’s document security, contact us today to find out how we can help.