FileMaker & the General Data Protection Regulation (GDPR) part 2: how much can a single e-mail cost you?

As we count down to the 25th May 2018, when the General Data Protection Regulation (GDPR) comes into full effect, it is useful to keep an eye on real-world examples of issues that are likely to crop up, and to tie them back to scenarios that could realistically be seen within a typical FileMaker solution. If you haven't read our first post on GDPR preparation for FileMaker users then click here.

A common use of the FileMaker platform is customer relationship management: tracking enquiries and their conversion into actual customers, and managing the logistics and billing of that work. It would be unsurprising for many FileMaker solutions to hold customer names, record IDs/account codes and e-mail addresses.

When talking about data breaches, people very commonly think of the dangers of 'rogue hackers' and other external threats, when in reality the danger more often comes from internal threats posed by negligent or disgruntled employees. See https://inform.tmforum.org/features-and-analysis/2016/03/defending-your-data-securing-against-internal-and-external-threats/ for more discussion on this.

With this in mind, when I was reviewing examples of recent fines and enforcement rulings on the Information Commissioner's Office (ICO) website, one recent ruling immediately jumped out, as it struck me as being so relevant to many typical FileMaker-based CRMs:

18th January 2018 - SSE Energy Supply Ltd

See https://ico.org.uk/action-weve-taken/enforcement/sse-energy-supply-ltd/

Essentially, SSE Energy Supply Ltd made a very simple mistake: a member of their customer service team e-mailed the wrong account number and surname to a SINGLE customer. While this was recognised as a data breach and logged internally, it wasn't reported to the ICO within the required 24 hours of being logged, and so SSE Energy Supply Ltd was subsequently issued with a fixed penalty fine of £1,000 - ouch!

FileMaker scripting can be used to fully or semi-automate e-mail responses using standard templates for common queries, meaning that there is much less potential for the kind of data transcription errors that can lead to an accidental internal data breach.

If you are interested in finding out more about how the FileMaker platform can be used to secure data privacy, or need assistance with modifying your system to meet GDPR, then contact our consulting team for assistance.