The human side to GDPR and why it matters
Data protection is fundamentally a human issue. And yet, relatively little is written about the human cost of data breaches. Without this focus, organisations will likely continue to view GDPR as a compliance exercise. Instead, GDPR offers a meaningful opportunity to prevent employees and clients from suffering harm.
By applying a people-centred approach you can not only comply with GDPR, but also implement lasting change to protect the individuals that all businesses rely on.
The human cost of data breaches
Do data breaches cause harm to victims? This may appear to be a simple question, but it is one that is argued in courts all over the world. The most obvious concern for those affected lies in the increased risk of becoming a victim of crime, such as theft or identity fraud. This concern is not misplaced, particularly when we consider that Simon Dukes, Chief Executive of fraud prevention organisation CIFAS, reported in 2017:
“We have seen identity fraud attempts increase year on year, now reaching epidemic levels, with identities being stolen at a rate of almost 500 a day.”1
For the individual, the consequences go beyond the financial loss or time spent in reporting and resolving the incident. The link between identity theft and stress or health problems is already well documented2. But what about the less obvious, intangible losses associated with data breaches? As the recent Morrisons case shows, even in the absence of financial loss, victims still suffer upset and distress. This type of harm is less researched, but emerging studies have suggested that an invasion of privacy can cause emotional trauma including insomnia and depression in victims3.
Adopting a people-centred approach
If data protection is a human problem, it will also require a human solution. Here are 3 tips on how to adopt a people-centred approach within your organisation:
- Educate your people on the “why?” not just the “how?”
The greatest irony in GDPR is that although it exists to protect people, those same people are often considered the “weakest links” in cybersecurity. According to research by CEB, 90% of employees admit to breaching policies designed to prevent data breaches4. Real cultural change won’t be possible until employees are able to empathise with data breach victims, and understand the vital role they play in protecting themselves and others.
- Appoint leaders to protect victims in the event of a breach
In the event of a crisis, it’s easy to become distracted by the potential impact on your bottom line. Should a breach occur, it’s important to appoint leader who can solely (and strategically) focus on minimising individual harm. This will not only protect those affected, but will also reduce customer losses as well as the cost of the breach.
- Put empathy at the heart of your breach response plan
In practice, this means much more than just listening to victims and recognising their concerns. Businesses should also help victims understand the potential consequences, and take steps to repair the damage. Research from the Ponemon Institute suggests that organisations offering data breach victims identity protection services, are more successful in retaining customers5.
If you’re interested in understanding how insurance can help in the event of a data breach, get in touch with your local Jelf adviser.
Gemma Sword-Williams, Insurance and Risk Consultant, Jelf