GDPR: Mitigating the cyber-risks for digital businesses

For digital businesses across all industries and markets, there are a number of risks which freelancers and contractors may face as a result of the new GDPR regulations. In this article, Janthana Kaenprakhamroy, founder of Tapoly, explores what you need to consider when embarking on new projects, contracts and activities to ensure you not only protect yourself against any risks of regulation breaches, but remain an attractive candidate for future work.

The impact of GDPR

With the new General Data Protection Regulation (GDPR) now in effect for all European Union Member States, organizations and professionals all across the world have taken major steps to ensure all personal data they retain is secure and that the data owners are aware of how their information will be used. This new legislation has highlighted the challenges facing those working in the digital space and the potential risks they now face with regard to cyber security and regulation breaches. For digital freelancers and contractors who aren’t covered by wider organization policies and procedures, the risk is tenfold. As a result, those working in the digital space need to take steps to protect themselves from new potential risks.

In simple terms, GDPR is about explicit consent to data storage, giving people more control of their personal and sensitive data and simplifying these rules so they’re the same across the EU. It’s important that you understand what information you should have access to and what you’re able to do with it. Non-compliance with GDPR rules can result in a fine of up to 4% of annual turnover; therefore it’s essential that you handle data with care and are aware of the policies and procedures of any companies you work with.

The definition of personal data

Due to the nature of working externally, freelancers tend to acquire and retain a large amount of personal data and contact details. According to GDPR guidelines, personal data must be processed in a manner ensuring an appropriate level of security, meaning that measures must be taken to protect against unauthorized or unlawful processing and accidental loss, destruction or damage of data. Freelancers and contractors aren’t generally covered by the same processes that traditional employees are when it comes to data protection regulations, and they’re more exposed to a number of risks in terms of how they are protecting data.

Practical steps

Here are a few steps to making sure that, as a freelancer or contractor, you are GDPR compliant:

  • Document all the data you hold, including where you got it from.
  • Read up on the Information Commissioner’s Office’s “Privacy Impact Assessments.”
  • Review privacy notices you issue when collecting data.
  • Write up a document showing how you’ll lawfully use data and publish it online.
  • Review how you acquire, record and manage consent to take data.
  • Consider a system for parental/guardian consent for data involving children.
  • Have an action plan to react to a data breach, including cyber insurance.
  • If you operate internationally, provide clarity about where your base is.

Being aware of the risks you face as a freelancer will allow you to take simple precautions to reduce as much of the risk as possible. When embarking on new projects, contracts and activities, you must ensure any digital data that you retain is stored in a secure, private and preferably encrypted folder, either online or offline, and any physical data is stored in a locked cabinet, drawer or other storage facility that can’t be easily accessed by others. Also be aware of any Bring Your Own Device (BYOD) guidelines that employers and organizations may have in place to ensure you don’t violate someone else’s data protection policy through use of your own devices.

If you don’t believe you’re fully GDPR compliant yet, the best thing to do is to carry on and establish a compliance plan as soon as possible, so at least you know where you are going. Try to take as much care with data as possible until you’re able to establish your new plan fully.

Further issues to consider

Data protection regulations aren’t the only area where freelancers put themselves at risk, though. Alongside your GDPR plans, you should make sure you minimize the risks to you as a business from every possible angle by taking proper care throughout each and every project you undertake. This will serve to not only keep you compliant, but also make you a more attractive candidate for other organizations and projects in the future.

Some of the most common issues that freelancers can fall afoul of on a daily basis include:

  • Breaches of confidentiality
  • Negligence
  • Intellectual property disputes
  • Defamation
  • Social media breaches

Insuring against disaster: What to consider

It’s recommended that freelancers consider Indemnity Insurance, also known as public liability insurance or professional indemnity insurance. This protects you against being sued by clients or former clients claiming that the writing, product or service you supplied was somehow negligent due to an error or accidental omission. Similar to the malpractice insurance doctors use to cover themselves when medical mistakes are made, indemnity insurance covers you and limits your liability while you are doing your job. Professional indemnity includes cyber liability, which is essential in order to mitigate the risks of GDPR non-compliance.

Digital freelancers should consider insurance as a protection against defamation and libel suits. In the age of social media, where content can be easily shared and incorrect statements can quickly spread, you need to be protected should you fall foul of any regulations. This is especially relevant when working in or with editorial fields.

It’s also important to remember that older insurance policies will not yet have been updated to meet more technologically modern needs and may not be entirely fit for current requirements following the introduction of GDPR. It’s essential that you check exactly what your insurance policies cover and that you flag anything you don’t believe will cover modern regulations.

Annual policies vs on-demand insurance

Many freelancers and contractors may be reluctant to take out insurance for a single job, but there is now the opportunity to purchase insurance only when you need it, through the growing prominence of on-demand insurance offerings – even if it’s just for a day.

On-demand insurance is commonplace in some areas, but is relatively new in the freelance and contractor space. Its introduction is likely to make it far easier and more convenient for you to remain protected during temporary projects. Many companies and organizations are already required to have insurance in place, so it makes sense for this to be the norm for freelancers as well.
