What your business should know about managing data post GDPR
“We have updated our privacy policy” said basically EVERYONE.
While this seemingly came out of the blue, business owners had two years to prepare for this change. General Data Protection Regulation can have ramifications for major companies that have operations connected to Europe and the rest of the world isn’t taking any chances and are updating their policies too.
Now that we operate on a global scale, remaining compliant with these changing laws is rather challenging with dire consequences for those who get it wrong. This is particularly worrying if you are a small business who can’t afford the millions in legal fees and fines…
Part of the data protection has to do with data management: how you access, store, use then delete customer data. And its not as simple as hitting the delete button.
Here are some data tips you need to know about:
Life After The Recycle Bin
We have all done it. We hit the delete button accidentally and when we realize that we actually need the file, we simply look in the Recycle Bin on our computers and fish the file out.
But did you know that even if you empty the Recycle Bin, the file isn’t truly deleted?
When you delete a file, you are just removing its record from the computer’s index. Think of it as removing an entry from the Index of a book. The page with the information is still there, just the record to where it is in the book is gone. On a computer, you can use software to quickly recover the deleted file
So how does one destroy data? You need to destroy the actual file and not just the index to the file? In other words, how to do you rip out both the index and the page from the book? Just like there is software to recover data, there is software to destroy the data and if the data is really so sensitive, it is best to physically destroy the hard drive!
Secure Your Website
Virtually no company can survive today without a website. Some think that their website is just for informational purposes and therefore is not a security risk. However, if you have a Contact Us form on your site, you are collecting data. If your website has any analytics, then you are collecting data. These need to be secured.
The simplest place to start is with an SSL Certificate. This is where you upgrade your website from HTTP to HTTPS and that “S” will give your site the lock symbol. This means that information submitted in your contact form or comment section or login section is encrypted.
You obviously still need to secure that info when it is on your various internal system.
Your Phone is a problem too
Barack Obama casually mentioned while he was president that he was forbidden from using an iPhone. The current US president seems to have other ideas…
While we are so concerned with our laptops, desktops and servers, we must not forget about our phones and tablets. They contain so much sensitive information and yet we don’t give that a second thought. If you ever lost your phone you know the uneasy feeling knowing that someone could be browsing through your personal info and your family’s photos.
If you connect your phone to your work for email, files and contacts, then you need to ensure that your phone is secure too as you are responsible for that information.
So in summary:
Our entire lives are now 1s and 0s. We have less paper and more websites to log into, more apps to use, and more digital ways to communicate and share. Therefore, businesses have an obligation to keep information private and confidential or face the consequences which are severe.
Not only do CEOs resign, but entire companies close down when their customer lose trust in the business post a data breach.
There are certain industries where it is crucial to be legally compliant especially when dealing with sensitive client information. It is advisable to get the right technical support for your industry, e.g. financial services and not “do it yourself”. In these industries, should a data breach happen, it will be catastrophic.
Therefore constant monitoring of the network is required looking for anomalies BEFORE the company becomes the next “Got Hacked” headline.
One thought on “What your business should know about managing data post GDPR”
Comments are closed.