Booksellers Association - GDPR and Cyber Security Tool Kit

General Data Protection Regulation (GDPR)

The EU’s General Data Protection Regulation (GDPR) came into force on 25^th May 2018, enforcing a strict set of new rules concerning privacy and data security.

There are some heavy fines for non-compliance and small and medium businesses are being warned not to ignore it.

It affects areas such as: the way customers sign up and unsubscribe to your newsletters, your website set-up, how you store customer details, the way you interact with children online (via Facebook, Twitter, etc) and staff training.

The key place to go for more information is the Information Commissioner’s Office (ICO) website www.ico.org.uk.

The ICO have many helpful GDPR resources for small and medium businesses, including an advice service helpline. Click here for their GDPR guides, checklists and steps to take now.

The BA has also produced:
- a short GDPR guide for booksellers
- a GDPR FAQs for booksellers document
- a round up of our GDPR top tips which we sent out in our enewsletter and our magazine, Bookselling Essentials

If you have any questions about the GDPR, do contact Kate Gunning 020 7421 4695 [email protected]. Please note that the BA is not a legal advisor and any BA materials are not intended as official documents or legal advice, just practical guides.

Cyber Security Toolkit

53% of all crime against retailers is now linked to cyber security.

The British Retail Consortium, of which the BA is a member, has produced an excellent Cyber Resilience Toolkit for Retailers, which we would strongly recommend members should read (whilst some content is pitched at larger retailers, most of the guidance is useful for booksellers of any size).

The Toolkit outlines the risks to retailers and then talks about what retailers can do to minimise the risks:

Prevent - Prepare - Respond - Recover - Review

The Toolkit also contains a series of useful resources, including:
- A toolkit to engage your Board on issues of Cyber Security
- An online exercise to see how cyber resilient your business is
- An elearning course with Top Tips for your staff
- An elearning course with advice on Cyber Security for Small Organisations
- A guide for SMEs on staying Cyber Secure

Checklist for small and medium sized retailers

Install the latest software, and run regular Windows and app updates. They contain vital security upgrades which help protect against viruses and hackers.
If you are using Microsoft software, it is important that you apply all Microsoft patches and updates and that you only use supported Microsoft operating systems to limit your own vulnerabilities. XP and Vista are no longer supported.
Use proper anti-virus software services. Make sure your AntiVirus product is up to date and run a scan.
Use strong and separate passwords for your key accounts, including email and online banking. Use three random words to make a strong and memorable password.
Never disclose security details such as passwords or PINs.
Back up essential data at regular intervals. You can't be held to ransom for data you hold somewhere else.
If you receive an email, letter or text message that you are not sure about - do not respond to it or click on any links. Please look at the address that is purporting to send you the e-mail. If it reads (for example) something like: From: Meryl Halls ([email protected]) then it may not be from Meryl Halls! Just because someone knows your basic details, it doesn’t mean they are genuine. Our advice would be to go directly to a website rather than click on a link.
Provide staff with access to simple, freely-available cyber security training.
Conduct a cyber security risk assessment for your business.
Seek accreditation through the Government-endorsed ‘Cyber Essentials’ scheme.

Further information

https://www.ncsc.gov.uk/cyberaware/home
https://www.ncsc.gov.uk/guidance/ransomware-latest-ncsc-guidance
www.takefive-stopfraud.org.uk