Take good care of your emails or risk huge fines
It seems like such a long time ago that we were all wondering how the General Data Protection Regulation (GDPR) would impact our businesses, and it’s easy to imagine that the problem has now gone away. Ignore it, though, and you could be making an expensive mistake.
Many of the fines are related to poor handling of customer data and these fines are often large. Take these companies for example:
- Marriott International – Fined £18.4 million for failing to keep customers’ personal data secure https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/10/ico-fines-marriott-international-inc-184million-for-failing-to-keep-customers-personal-data-secure/
- British Airways – Fined £20 million for data breach affecting 400,000 customers https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/10/ico-fines-british-airways-20m-for-data-breach-affecting-more-than-400-000-customers
Some are for unsolicited marketing. For instance:
- Pension House Exchange Ltd – Fined £45,000 for making 39,722 connected unsolicited calls for the purposes of direct marketing https://ico.org.uk/action-weve-taken/enforcement/pension-house-exchange-limited/
- Pownall Marketing Ltd – Fined £250,000 for using a public electronic communications service to make 365,369 unsolicited calls for direct marketing purposes https://ico.org.uk/action-weve-taken/enforcement/pownall-marketing-limited
Others are where staff have either disclosed personal information or tried to destroy data.
Interestingly, the Information Commissioner’s Office is pursuing the Metropolitan Police Service* for its failure to comply with subject access requests. These breaches are more common, and it is requests like these that can sometimes cripple a business.
What is a Subject Access Request?
Under GDPR, individuals have the right to access the data that companies hold about them and there are plenty of websites providing advice on this. Some offer example wording that can be used when making your request, for example:
In relation to emails, you may limit the search to emails between [NAMES] during the period [DATES]. However, in relation to [SUBJECT MATTER] please ask [NAMES] whether any of them is aware of others who are likely to have exchanged emails containing personal data relating to me. If so, please let me know who those others are and search the emails of anyone that any of them identifies as well as those individuals mentioned above.
The person making the request would typically be someone who applied for a job or an ex-employee, but it could be anyone that your business has communicated with. In either case, you normally have a month to comply**.
Finding those messages
Have a good read of the sample request above. It is not just asking for the messages that meet limited criteria; it is open to anyone in the business who might have exchanged emails containing that person’s personal data. You can’t just ask your staff to take a peek in their own email, as they may not be thorough, and what are you going to do if people are off sick, on holiday or have left the business? Just gaining access to the email accounts could be an issue too.
If your data is structured, it is easy
Our AEC email management software Excitech Mail is not promoted as a tool to solve GDPR matters. Indeed its main usage is in the day-to-day filing of messages so that staff can easily locate messages relating to projects, legal matters, clients, etc. It creates structure where previously there was chaos.
In this situation, it can be a lifesaver because you can use its fast search to find messages even when your search terms are vague. For example, let’s imagine that the individual had applied for a job and his/her mobile phone number had been passed to selected colleagues via email. Simply enter the phone number in the search tool and ALL instances of it, regardless of who sent or received it, are found in less than a second.
For the price of a couple of coffees per month, you not only have the peace of mind that a data request is not going to cause you to miss a heartbeat, but you also have all of your project emails filed with the projects and not scattered in personal inboxes. If at any point you want to see what correspondence has been had with a client, it’s all there instantly. More importantly, if there is a query or, worse still, a claim later on, you can once again get the full communication history in an instant.
For more information on our AEC email management software Excitech Mail and a free 30-day trial, click here.