The EU General Data Protection Regulation (GDPR) aims to protect individuals in the EU from privacy and data breaches in a data-driven world that is vastly different from the one in which the 1995 directive was written. The key principles of data protection carry over from the previous directive (the Data Protection Directive 95/46/EC), but the regulation makes substantial changes to the obligations placed on organisations and to how they are enforced. Here’s our roundup of expert opinion on how to ensure compliance:
Tip #1: Lock down your company data
“The right systems and processes must be in place to stay in control of the data, including being able to wipe information should a device get lost or the employee leave a business,” explains Jon Seddon, head of product at GCI. “It also means locking down sensitive documentation and putting controls around who can read, modify, and open information.”
Seddon says that services such as Enterprise Mobility + Security from Microsoft allow businesses to segregate corporate data on personal devices, and also to control what users can do with the documents that hold personal data. “Technology alone can’t fix everything, but when combined with rigorous policies it can mean that organisations stay on the right side of GDPR,” he explains.
Tip #2: Create a culture of data confidence
Employees from across your business handle data every day. But how many realise how valuable it really is, and how it can help them connect with your customers more effectively? According to Jean-Philippe Courtois, Microsoft’s EVP and president for Global Sales, Marketing & Operations, fostering this understanding is vital to engaging employees in your approach to data governance. Educating employees will also help them to realise the importance of adequate data protection.
“To ease this cultural shift, consider your approach to data governance within the context of a broader digital transformation,” Courtois explains. “This will give your colleagues the confidence to explore new, sometimes experimental avenues for data utilisation. The GDPR was developed in part because in our digital era, people are demanding more control over their privacy before they trust technology. Cultivating this confidence, whether with employees or customers, is key to ensuring you’re making the most of data-driven, business-critical insights.”
Tip #3: Get to grips with analytics
According to Infogix, through analytics-enabled data governance, a business can not only locate personal data enterprise-wide, but monitor compliance, usage, approvals, and accountability across the organisation.
“As more data is generated through technologies like IoT, it becomes increasingly difficult to manage and leverage,” says Emily Washington, senior vice president of product management at Infogix. “Integrated self-service tools deliver an all-inclusive view of a business’s data landscape to draw meaningful, timely conclusions. Full transparency into a business’s data assets will be crucial for successful analytics initiatives, addressing data governance and privacy needs, monetising data assets and more as we move into 2018.”
Tip #4: Get your security strategy in a sound place
Camilo Lascano Tribin, senior content writer at Advantage, says the Brexit negotiations and the introduction of the GDPR in May hold a great deal of uncertainty for businesses, especially those competing in the SME market. “Do yourself a favour and get your business security strategy in a sound place, so that when the variables that 2018 throws at you hit the fan, you’ve got the time and energy to focus on finding solutions to those problems, rather than spending time worrying about the compromised data you’re now holding due to a silly and easily avoidable cybersecurity incident,” he said.
Tip #5: Make sure you are able to retain audit data for enough time to deal with potential incidents or enquiries
Emma Robinson, content manager at Quadrotech, says that if you experience a data breach or face accusations of misconduct, the investigation procedure can be long and arduous, so you need to ensure that the data you need remains available throughout this process.
“One area of the Office 365 Security and Compliance Center that can help you comply with this requirement is the Office 365 Audit log,” she explains. “The tool logs user and service activities for SharePoint Online, OneDrive for Business, Exchange Online, Teams, Azure Active Directory, and Sway. Once enabled, the Audit Log will show you a full view of events which can be searched and refined.”
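Retention only helps if the records are still there when the enquiry arrives, and the service keeps them for a licence-dependent period. The script below, an added example for this article and not code from the original page, Quadrotech or Microsoft, shows what you do with records once they have been exported: parse them, refine them by user, operation and time window as the Security and Compliance Center search does, build a per-user timeline for an incident report, and check whether the retained data actually covers the investigation window. The records are constructed by hand in the JSON shape of the AuditData column that Search-UnifiedAuditLog exports (a subset of its fields); the tenant, users, IPs and URLs are invented.

```python
"""Work with exported Office 365 unified audit log records offline.

Added example for this article, not code from the original page or from
Quadrotech or Microsoft. The records are constructed by hand in the JSON
shape of the AuditData column that Search-UnifiedAuditLog exports (a subset
of its fields); the tenant, users, IPs and URLs are invented.
"""
import json
from datetime import datetime

# Constructed sample: one AuditData JSON document per entry, as you would
# read them back from a CSV produced by Search-UnifiedAuditLog | Export-Csv.
SAMPLE_RECORDS = [
    '{"CreationTime":"2018-05-03T08:12:41","Id":"a1","Operation":"UserLoggedIn",'
    '"RecordType":15,"UserId":"alice@contoso.example","ClientIP":"203.0.113.10",'
    '"Workload":"AzureActiveDirectory"}',
    '{"CreationTime":"2018-05-03T08:15:02","Id":"a2","Operation":"FileDownloaded",'
    '"RecordType":6,"UserId":"alice@contoso.example","ClientIP":"203.0.113.10",'
    '"Workload":"SharePoint","ObjectId":"https://contoso.example/sites/hr/Payroll.xlsx"}',
    '{"CreationTime":"2018-05-04T22:47:19","Id":"b1","Operation":"UserLoggedIn",'
    '"RecordType":15,"UserId":"alice@contoso.example","ClientIP":"198.51.100.7",'
    '"Workload":"AzureActiveDirectory"}',
    '{"CreationTime":"2018-05-04T22:49:55","Id":"b2","Operation":"FileSyncDownloadedFull",'
    '"RecordType":6,"UserId":"alice@contoso.example","ClientIP":"198.51.100.7",'
    '"Workload":"OneDrive","ObjectId":"https://contoso-my.example/personal/alice/Customers.csv"}',
    '{"CreationTime":"2018-05-05T09:00:00","Id":"c1","Operation":"Set-Mailbox",'
    '"RecordType":1,"UserId":"admin@contoso.example","ClientIP":"203.0.113.20",'
    '"Workload":"Exchange"}',
]

def _ts(value):
    """Parse the log's 'YYYY-MM-DDTHH:MM:SS' timestamps, or a bare date."""
    fmt = "%Y-%m-%dT%H:%M:%S" if "T" in value else "%Y-%m-%d"
    return datetime.strptime(value, fmt)

def parse_records(documents):
    """Turn AuditData JSON documents into dicts, sorted by event time."""
    records = []
    for doc in documents:
        rec = json.loads(doc)
        rec["CreationTime"] = _ts(rec["CreationTime"])
        records.append(rec)
    return sorted(records, key=lambda r: r["CreationTime"])

def search(records, user=None, operations=None, since=None, until=None):
    """Refine the log by user, operation name and time window, the same
    filters the Security and Compliance Center search offers."""
    hits = []
    for r in records:
        if user and r.get("UserId") != user:
            continue
        if operations and r["Operation"] not in operations:
            continue
        if since and r["CreationTime"] < _ts(since):
            continue
        if until and r["CreationTime"] > _ts(until):
            continue
        hits.append(r)
    return hits

def retention_gap_days(records, window_start, window_end):
    """Days at the start of an investigation window that precede the earliest
    retained record (0 means the export covers the whole window). The service
    keeps records for a licence-dependent period, so this is the number an
    enquiry about an older incident will hit unless you exported regularly."""
    start, end = _ts(window_start), _ts(window_end)
    if not records:
        return (end - start).days
    earliest = records[0]["CreationTime"]
    if earliest <= start:
        return 0
    return (min(earliest, end) - start).days

def timeline(records, user):
    """One line per event for an incident report: time, source IP, operation, object."""
    lines = []
    for r in search(records, user=user):
        when = r["CreationTime"].strftime("%Y-%m-%d %H:%M")
        lines.append(f'{when}  {r.get("ClientIP", "-"):>15}  {r["Operation"]}  {r.get("ObjectId", "")}'.rstrip())
    return lines

if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    print("gap days:", retention_gap_days(recs, "2018-05-01", "2018-05-06"))
    print("\n".join(timeline(recs, "alice@contoso.example")))
```

Run on the sample, the timeline shows the pattern an investigator looks for (a sign-in from an IP never seen before, followed minutes later by a bulk sync download), and a window starting on 1 May reports a two-day gap because nothing older than 3 May was retained. Scheduling a regular export of Search-UnifiedAuditLog into storage you control is what keeps that gap at zero for incidents that surface months later.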
Tip #6: Develop a context-aware identity and access management (IAM) strategy
According to Jackson Shaw, senior director of product management at Dell, with a change in regulations, organisations must be quick to respond and remediate threats prior to experiencing a breach. “With a comprehensive IAM strategy, organisations can monitor which users are accessing the network, from where, and from what device. This automatic detection can establish trends in individual user patterns, creating a risk score. If the risk is too high, it will either interrogate the device, requesting the user to input more information in order to help identify itself, or it will refuse access, locking the user out of the system. This level of integration helps network security to become smarter, and more aligned with the businesses.”
Shaw says that those organisations who fail to implement an appropriate strategy are taking a number of risks. “These risks come in many forms, from loss of business, to loss of consumer trust, and even imprisonment of board members,” he explains. “Given the upcoming GDPR legislation reforms, it is imperative that organisations are able to understand and put the steps required by the legislation into action.”
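The decision loop Shaw describes (score a sign-in against the user's own history, then allow it, ask for more proof, or refuse it) is simple enough to show end to end. The following is an added example written for this article, not code from the original page or from any Dell product: a per-user baseline of known devices, countries and working hours, a haversine distance check for impossible travel between consecutive sign-ins, and a scorer that returns the reasons alongside the verdict so both the user and the analyst can see why a step-up was triggered. The baseline, the sign-in events, the weights and the thresholds are all constructed for illustration.

```python
"""Context-aware access decision: score a sign-in against the user's own
history and return allow / step-up / deny together with the reasons.

Added example for this article, not code from the original page or from any
Dell product. The baseline, the sign-in events, the weights and the
thresholds are all constructed for illustration.
"""
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

def _t(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S")

# Constructed baseline, as it might be distilled from a user's prior successful
# sign-ins: devices and countries seen before, usual hours, and where/when the
# last sign-in happened (needed for the impossible-travel check).
BASELINES = {
    "alice@contoso.example": {
        "devices": {"LAPTOP-A1"},
        "countries": {"GB"},
        "work_hours": range(7, 20),
        "last_seen": {"time": "2018-05-03T17:45:00", "lat": 51.50, "lon": -0.12},
    },
}

# Weights and cut-offs are assumptions for the example, not vendor values.
WEIGHTS = {"unknown device": 30, "unseen country": 25,
           "outside usual hours": 10, "impossible travel": 50}
STEP_UP_AT = 30   # at or above this, ask for another factor
DENY_AT = 60      # at or above this, refuse and lock the session out
MAX_KMH = 900     # faster than this between two sign-ins is not a real trip

def _km(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def risk_score(event, baseline):
    """Add a weight for every context signal that deviates from the baseline.
    Returns (score, reasons) so the outcome is explainable to user and analyst."""
    reasons = []
    if event["device"] not in baseline["devices"]:
        reasons.append("unknown device")
    if event["country"] not in baseline["countries"]:
        reasons.append("unseen country")
    if _t(event["time"]).hour not in baseline["work_hours"]:
        reasons.append("outside usual hours")
    last = baseline["last_seen"]
    hours = (_t(event["time"]) - _t(last["time"])).total_seconds() / 3600
    if hours > 0 and _km(last["lat"], last["lon"], event["lat"], event["lon"]) / hours > MAX_KMH:
        reasons.append("impossible travel")
    return sum(WEIGHTS[r] for r in reasons), reasons

def decide(event, baselines=BASELINES):
    """Map the score onto the three outcomes: allow, step-up, or deny.
    A user with no history gets a step-up rather than a silent allow."""
    baseline = baselines.get(event["user"])
    if baseline is None:
        return "step-up", ["no history for user"]
    score, reasons = risk_score(event, baseline)
    if score >= DENY_AT:
        return "deny", reasons
    if score >= STEP_UP_AT:
        return "step-up", reasons
    return "allow", reasons

def learn(event, baselines=BASELINES):
    """Return a new baseline table with this successfully completed sign-in
    folded in, so a device confirmed through step-up is trusted next time."""
    b = baselines[event["user"]]
    updated = {"devices": b["devices"] | {event["device"]},
               "countries": b["countries"] | {event["country"]},
               "work_hours": b["work_hours"],
               "last_seen": {"time": event["time"], "lat": event["lat"], "lon": event["lon"]}}
    return {**baselines, event["user"]: updated}

# Constructed sign-ins to score against the baseline above.
SIGN_INS = {
    "normal": {"user": "alice@contoso.example", "device": "LAPTOP-A1", "country": "GB",
               "time": "2018-05-04T09:10:00", "lat": 51.50, "lon": -0.12},
    "new_device": {"user": "alice@contoso.example", "device": "PHONE-B7", "country": "GB",
                   "time": "2018-05-04T09:10:00", "lat": 51.50, "lon": -0.12},
    "night": {"user": "alice@contoso.example", "device": "LAPTOP-A1", "country": "GB",
              "time": "2018-05-04T02:00:00", "lat": 51.50, "lon": -0.12},
    # New York 75 minutes after a London sign-in, from a device and country never seen.
    "attacker": {"user": "alice@contoso.example", "device": "WIN-ZZ", "country": "US",
                 "time": "2018-05-03T19:00:00", "lat": 40.71, "lon": -74.01},
}

if __name__ == "__main__":
    for name, event in SIGN_INS.items():
        print(f"{name:>10}: {decide(event)}")
```

The point of returning reasons is that a step-up prompt and the analyst's alert can both say why: the off-hours sign-in alone is tolerated, the new phone earns a second-factor prompt and is then learned, and the sign-in from an unseen country on an unseen device at a speed no aircraft reaches is refused outright.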