
Data Protection as a Service

It’s my experience that most companies are aware of the need to cover the web site with a cookie policy, but CEOs at smaller companies may not have had time to digest the rest of the GDPR in practice. Gaea has an excellent DPO, and we offer the service on a consultancy basis to check what you have in place vs. the regulation and to discuss, for example, the status of staff training. Fines for staff errors under GDPR can be small to very significant: please check the tracker.

Some examples
  • A 2020 report confirms 9 out of 10 data breaches are caused by your users.
  • Researchers from Stanford University and a cybersecurity organization found that approximately 88 percent of all data breaches are caused by an employee mistake. Human error is still very much the driving force behind an overwhelming majority of cybersecurity problems. 
  • The study by Stanford University on the psychology of human error highlighted that employees are unwilling to admit to their mistakes if organizations judge them severely. Over half of incidents are not reported to management due to employees being scared or feeling guilty (same study).
  • GDPR fines are mostly due to a lack of data security, of informing people (privacy policies), and of a proper legal basis.
  • People may not be aware of the difference between pseudonymized data (= personal data) and anonymized data, and may think they have anonymous data when in fact they don’t, so they fail to comply with any GDPR obligation and thus risk fines if reported.
  • Employers may also not know that anonymized data is perhaps no longer subject to GDPR but can still be subject to other legal constraints, such as IP rights; therefore, you cannot just drop your data into an open-source tool and make it public.
  • People are often confused about the right to be forgotten in combination with “the company has to forget all about me and any financial claim they have on me”. A company, on the other hand, may not fall back on ‘we’re going to keep this data because there is still a legal claim open’ if they are not actually going to do anything with it at all. In that case, companies do need to forget about a person.

If you are interested in discussing this, please email me at [email protected] and I can arrange an introductory discussion with our DPO; if you then wish to go deeper, we can move under a CDA and DP agreement.
Nigel Goodman
CEO

Leave a request or contact us in whatever way is convenient for you.