The rapid development of technology and the growth in online access to records have brought huge gains to businesses and individuals around the world, but with this progress come increased concerns around data security and the way in which confidential data is stored and sent electronically. According to Gemalto research, more than 3.35 billion data records were compromised worldwide in the first half of 2018 alone, an increase of 72% from the corresponding period in 2017.
In the EU, the GDPR legislation was introduced last year, bringing with it much stricter security and record-keeping requirements with severe financial penalties for businesses that fail to comply. This made it necessary for many businesses to completely overhaul their existing data protection regimes. In fact, Hiscox research shows that 80% of UK businesses have changed their approach to cyber security as a result of the introduction of the GDPR. However, the same research also found that three quarters of UK businesses remain ill-prepared for a cyber attack. Many businesses are torn between the need to innovate and react quickly to changes in the market and the need to ensure that the protection of data is not compromised.
With the potential consequences of a data breach being so serious, it’s essential to ensure your suppliers follow stringent security models and industry best practices to protect your data. Indeed, the GDPR makes it a legal requirement for data controllers to satisfy themselves as to the sufficiency of their suppliers’ data protection regimes.
Although the processing of personal data is more critical to some businesses than others depending on the industry they operate in, there is one category of personal data that all businesses must process: the data of their own employees. To fulfil their legal obligations, employers must collect and store various aspects of employee personal data, such as home address and National Insurance number, as well as data that is classified as more sensitive “special categories” under the GDPR, such as information relating to an employee’s health. Employers of all sizes are obliged to process this data in a secure manner, which includes ensuring that any external suppliers they use have appropriate security provisions in place.
At Zest, information security is our number one priority. We know that businesses both large and small want to use our easily configurable and rapidly deployed employee benefits system, but cannot afford to take any risks with their employees’ personal data. That is why we built the Zest platform with the GDPR principle of “privacy by design and default” at the front of our minds. Information security is fully integrated into our software development lifecycle and we commission regular independent tests of our application to ensure nothing has slipped through the net. Our platform is hosted in secure UK-based data centres, and both Zest and our hosting partners are certified to the internationally recognised ISO 27001 information security standard.
In the modern world, privacy is increasingly being viewed as a fundamental human right, and individuals rightly expect all businesses – including their own employer – to treat their personal data with the utmost care. Zest clients can be confident that in addition to offering a game-changing employee benefits platform that is revolutionising the industry, we are also leading the way when it comes to the protection of personal data.