Simon Walkden

Former Global Head of End User Engineering at Barclays and leader of Vodafone’s Cloud and Hosting Services, Simon Walkden is steeped in experience at leading international organisations. He has a particular depth and breadth of expertise in ITaaS.

This is embodied in the development, while MD of Flourishing IT Ltd, of an IT Healthcheck service that enables companies to improve delivery, while achieving new levels of internal efficiency and regulatory compliance.

With a passion for reducing cost and complexity, Simon now guides Virtual Clarity’s clients through digital transformation, enabling them to realise the full range of benefits of ITaaS and zero-owned infrastructure.

Keeping your data private in five simple steps

Happy Data Privacy Day - May you be content in the knowledge that all your personal data is safe!

Ah yes, that might not be so easy. After all, earlier this month, it was reported that over three quarters of a billion unique e-mail addresses used for logging in had been breached, together with associated passwords that had been compromised.

Inside our company, we recommend that people start strengthening their password approach by using a unique password for each site and a password manager. Internally, we also no longer rely on just a username and password, but require a second factor too.

This has led to some thoughts about data privacy, particularly in the light of last year’s experiences with the introduction of the biggest Data Privacy legislation in the world - GDPR. Here are a few that might help you:

1. Ask an IT staffer “what is data privacy?” and they will tend to talk about security. Ask a business person and they might talk about policies and procedures. The point is that it is both. Companies that get their IT and business to work together on data privacy will tend to protect data best. I was quite surprised how little terms like Data Processor were understood by legal people, in the context of how client companies actually operated. They would be genuinely grateful if someone technical could show them how to differentiate between Data Processors and other Data Controllers with whom the company shares data - it’s kind of important if you want to be legally compliant with GDPR. Equally, good co-operation between business and IT on policies such as data retention and deletion can result in the best form of data protection – properly deleting what is no longer needed, making it safe from all hackers.

2. Ask employees how well they understand their company’s policies on data privacy beyond “we respect your privacy”. Were the policies explained when they joined? Was it included in their induction training? Can they remember what was said? Do they know where to go to find the policies? If your staff don’t know the policies, then they are less likely to be effective. Consider how you can keep the data privacy policy fresh in their minds.

3. Ask whether you have a review date on your policies (Virtual Clarity do). The policies don’t only need to be fresh in people’s minds; they also benefit from being refreshed and continuously improved. It’s rare to get something perfect first time and there was a lot of tactical ‘jamming’ done around GDPR. Take the chance to review and advance - and don’t forget that the threat landscape is constantly changing.

4. Ask again whether you know where the personal data you hold is being kept. New systems come online. The business adopts new services from third parties. Has anything changed in terms of international transfers? Remember, data residency laws to protect personal data are tightening too.

5. Ask about how your company detects security breaches and handles them. I wrote a blog about this last year on the next steps after GDPR. At the risk of self-promotion, I do recommend another look - and if you did read it, I’d love to know if it helped!