The Booksellers Association of the United Kingdom & Ireland Limited
General Data Protection Regulation (GDPR)

The EU’s General Data Protection Regulation (GDPR) is coming into force on 25th May 2018, enforcing a strict set of new rules concerning privacy and data security.

There are some heavy fines for non-compliance and small and medium businesses are being warned not to ignore it.
 
It will affect areas such as: the way customers sign up and unsubscribe to your newsletters, your website set-up, how you store customer details, the way you interact with children online (via Facebook, Twitter, etc) and staff training.
 
The key place to go for more information is the Information Commissioner’s Office (ICO) website www.ico.org.uk. The ICO have many helpful GDPR resources for small and medium businesses, including an advice service helpline. Click here for their GDPR guides, checklists and steps to take now.
 
The BA has produced a short GDPR guide for booksellers which can be found here.

The BA has also produced a GDPR FAQs document for booksellers, which can be found here.

To provide further support, we have been sending out GDPR top tips in our enewsletter and our magazine, Bookselling Essentials: a round up of these communications can be found here.
 
If you have any questions about the GDPR, do contact Pippa Halpin (020 7421 4695, pippa.halpin@booksellers.org.uk). Please note that the BA is not a legal advisor and any BA materials are not intended as official documents or legal advice, just practical guides.


Cyber Security Tool Kit

53% of all crime against retailers is now linked to cyber security. The British Retail Consortium (of which the BA is a member) has produced an excellent 44-page Cyber Security Tool Kit.

The Tool Kit outlines the risks to retailers and then talks about what you might consider within your own businesses:
How to prevent
Prepare
Respond
Recover
Review

There is also a series of checklists:
Questions for the Board
Questions for Communication Directors
Guidance for SMEs

Although this Tool Kit has guidance for businesses of all sizes, it is pitched more at larger retailers, especially with the focus on the need before any breach to develop a whole host of contingency plans. 
 
Checklist for small and medium sized retailers

Mindful of this, we have worked with specialist advisers to produce a simpler checklist for our SME members. Here are our 12 suggestions:
  1. Install the latest software and app updates.  They contain vital security upgrades which help protect against viruses and hackers.
  2. Run Windows Update.
  3. If you are using Microsoft software, it is important that you apply all Microsoft patches and updates and that you only use supported Microsoft operating systems to limit your own vulnerabilities. XP and Vista are no longer supported.
  4. Use proper anti-virus software services.
  5. Make sure your anti-virus product is up to date and run a scan.
  6. Use strong and separate passwords for your key accounts, including email and online banking.  Use three random words to make a strong and memorable password.
  7. Never disclose security details such as passwords or PINs.
  8. Back up essential data at regular intervals.  You can't be held to ransom for data you hold somewhere else.
  9. Just because someone knows your basic details, it doesn’t mean they are genuine. If there is something you are not sure about, do not open it. Look at the address that is purporting to send you the e-mail. If it reads (for example) something like: From: Tim Godfray (igor@spammer.ru) then it may not be from me! Be careful with e-mails that include links. Our advice would be to go directly to a website rather than click on a link.
  10. Provide staff with access to simple, freely-available cyber security training.
  11. Conduct a cyber security risk assessment for your business.
  12. Seek accreditation through the Government-endorsed ‘Cyber Essentials’ scheme.
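
The sender check in suggestion 9 can also be run automatically over incoming mail. The following is an added example, not BA or British Retail Consortium code: it compares the name shown in a From: header with the address the mail actually came from. The KNOWN_SENDERS list, the function names and the sample headers are assumptions made for the illustration.

```python
from email.utils import parseaddr

# Assumption: names you regularly hear from, mapped to the domain their
# mail really comes from. booksellers.org.uk is the BA domain on this page.
KNOWN_SENDERS = {
    "tim godfray": "booksellers.org.uk",
    "pippa halpin": "booksellers.org.uk",
}


def domain_of(address):
    """Lower-cased domain part of an address, or '' if there is none."""
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def check_from_header(value, known=KNOWN_SENDERS):
    """Return (verdict, reason) for the value of one From: header."""
    display, address = parseaddr(value)
    sender_domain = domain_of(address)
    if not sender_domain:
        return "suspicious", "no usable sender address"

    name = " ".join(display.lower().split())
    # A display name that is itself an e-mail address, but not the real one.
    if "@" in name and name != address.lower():
        return "suspicious", f"name shows {name}, mail is from {address}"

    expected = known.get(name)
    if expected and sender_domain != expected \
            and not sender_domain.endswith("." + expected):
        return "suspicious", f"{display} normally writes from {expected}"

    return "no mismatch", f"sent from {sender_domain}"


# Constructed sample headers; the second is the checklist's own example.
SAMPLES = [
    "Pippa Halpin <pippa.halpin@booksellers.org.uk>",
    "Tim Godfray <igor@spammer.ru>",
    '"pippa.halpin@booksellers.org.uk" <igor@spammer.ru>',
    "Tim Godfray <tim@booksellers.org.uk.example.net>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        verdict, reason = check_from_header(header)
        print(f"{verdict:12} {header}  ({reason})")
```

A "no mismatch" result only means the name and address agree; it does not prove the message is genuine, so the advice about links still applies.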

Further information

www.cyberaware.gov.uk/toolkit
www.cyberaware.gov.uk/protect-your-business
https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance    
www.takefive-stopfraud.org.uk