If you hadn't read this story, people hacked a casino database using a thermometer in a fish tank.
The article is about how the internet of things (IoT), so everything having some level of intelligence and an IP address. Can within reason be hacked. This allowed the hackers access to a customer database.
So what has this to do with GDPR? Well on May 25th of this year, once GDPR comes into force this could cost you not only the embarrassment of the hack but also a heavy fine. 4% of revenue to be exact.
So this should prompt you to check all CCTV, fish tank thermostats, more importantly you need to really think about whether you really need databases with people's data on it. The spreadsheet, you built for an event, that customer list, because the more lists you have, the more likely if you get hacked you will end up fined.
What do you do with them? Delete them.
That's why Witherspoon's the UK Pub group group deleted their customer database and said they would communicate with customers through social.
Nicole Eagan, the CEO of cybersecurity company Darktrace, told the WSJ CEO Council in London on Thursday: "There's a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC [air conditioning] systems, to people who bring in their Alexa devices into the offices. There's just a lot of IoT. It expands the attack surface and most of this isn't covered by traditional defenses."