Is your company data protected against online threats?

With digital security being more important than ever, we had a chat with James Peel at Rollits about all things data protection.

James Peel is a Partner at Rollits in the Commercial & Intellectual Property team, specialising in data protection and GDPR (General Data Protection Regulation). Despite GDPR having come into force almost five years ago in May 2018, there are still many businesses and organisations whose digital operations don’t fully comply with the new framework for data protection laws, which is where James’s insight proves invaluable.

“Suitable and adaptable data protection is crucial but it can often be neglected,” said James. “In some cases an organisation will lack clear policies, and in other instances everything was put in place back in 2018 but has quickly fallen behind the times as the related case law and statutory guidance continue to evolve. The key is to create, communicate and maintain these policies and procedures, as well as give employees everything they need to adhere to them on a daily basis.”

James has been at Rollits for 14 years, having started as a trainee and worked his way up to Partner status. His role has seen him work in the Commercial team as well as supporting multiple clients in the education sector. Thanks to his extensive knowledge of data protection, he is now the firm’s legal authority when it comes to anything relating to the subject.

“Rollits delivers a much greater volume of data protection advice since GDPR took effect,” said James. “I was originally a commercial contracts lawyer who provided occasional data protection guidance, whereas now it’s a much more significant part of my role. No matter what the scale of the business I’m helping, I would say that there are two particularly key aspects to data protection, which are the creation and implementation of proactive policies, and ensuring that you are transparent about how you use personal information so that everyone is on the same page at all times.

“For instance, internal procedures help towards enabling staff to remain compliant with data protection laws, whereas privacy policies on websites can be used to state how your customers’ and website users’ data is taken, used and stored. Not only does this give everyone peace of mind, but it is also an integral part of keeping a business compliant with the requirements of the Information Commissioner’s Office, or ICO.

“The protection of personal information should be a priority for every business, organisation and charity,” added James. “Over the years there have been multiple cases shared in the media of the NHS, police forces, SMEs and charities having their data unlawfully accessed by malware and hackers or otherwise being involved in a data security breach.

“One case saw a construction company fined £4.4m by the ICO following an incident involving a phishing email being forwarded from one colleague to another, which ultimately resulted in confidential data about a significant number of individuals being compromised. The risk applies to the smallest and newest businesses as well as those that have hundreds of staff. This can be avoided by staying on top of the ever-evolving data protection requirements and information technology best practice for your business. From regular security patches for software to two-factor authentication (2FA) for remote access, apps and social media accounts, prevention is better than cure.”

James also told us about the risks posed by the autocomplete function on computers and smartphones, which applies to emails, online forms, passwords and more:

“The incorrect use of autocomplete and email address books is a big issue – there was a case of a public authority accidentally sharing very sensitive information with the wrong person due to the sender including an external email address within an internal email address book and then mistakenly sending a sensitive internal email to that external contact. Simple errors can cause enormous issues.”

With so many areas of data security that need to be addressed, we recommend getting in touch with James Peel at Rollits to discuss which organisational strategies for data protection will fulfil your legal requirements.