GDPR is a hot topic right now, and with not long to go before the deadline there’s probably going to be mad rush to get everything sorted.
GDPR is the General Data Protection Regulation. And whilst there are many pieces of information out there on the web, what I believe the EU powers that be, want to know is:
- How are you protecting your customers data?
- Did they consent to you sending information to them? (Email, post, phone etc…)
- Are they OK with you selling their data on?
Points 2 and 3 are more about seeking the individuals’ permission, so we’re going to focus on point 1.
So, whilst I’m not a lawyer and this is by no means legal advice. Here is how Gopher can help you protect your customer data.
Policy
You need to have a policy in place for staff, so they know how to process information. It must be clearly communicated to all employees and be easily accessible to them. SharePoint is a useful tool for this and easily integrates with Office 365.
Encryption
Computers.
All your company information should be kept on encrypted drives. Microsoft provides BitLocker for this and Apple provide FileVault. This can be a pain to manage though. Our solution provides centralised management for both BitLocker and FileVault, taking advantage of the native device encryption and ensuring optimal compatibility and performance.
Backups.
You should ensure that data is encrypted always, including when it’s in transit (e.g. while being uploaded).
Also, be mindful that transferring data, including via the cloud, to countries outside the European Economic Area (EEA) is restricted under the Regulation.
Gophers’ backup solution provides you with peace-of-mind, knowing that your solution will be fully compliant with the new GDPR.
Email.
If you send personal information via email, it should always be encrypted, or password protected in case it falls into the wrong hands.
For example, sending a meeting request to a customer is fine to send over unencrypted email as it contains no personal information. However, sending a customer a file about their investments is personal and therefore you should be taking precaution when sending this. Our Secure Email Messaging platform provides you with the tools necessary to do this in a safe and compliant manner.
USB and External Devices.
You should make sure that the data is encrypted and can only be accessed by authorised users. It’s safer to provide pre-encrypted USB sticks to your employees.
Website.
Your website should have an SSL certificate. There are 3 main reasons for this.
Firstly, at the start of July, Google will be displaying a clear warning label to all viewers of your website that it is not secure. This just isn’t good for business.
Secondly, if you have a contact form on your website, you need to make sure you’re protecting your customers information in transit to remain compliant with the GDPR.
Thirdly, it helps your search engine ranking. Because who doesn’t want to rank higher?
Anti-virus and Ransomware.
All your company computers and servers should be protected. Nobody wants to risk infection, and nobody wants to have their data maliciously encrypted and held to ransom. Our solution helps prevent this from happening and is centrally managed.
Remote Access.
Lastly, remote access. If you have employees connecting in from outside the office, from home, from a coffee shop or from a client office and anywhere in between. You need to make sure that they have a secure method of connecting in. Gopher provides various solutions to make this extremely easy for you.
If there’s anything you’d like more information on, or if you would like to get in touch to see how we can help. Send us an email or call us and we will be happy to assist.
