GDPR Compliance: The Deadline Has Passed… Are You Compliant?
Mark Zuckerberg answered questions today from members of the European Union Parliament regarding the mishandling of personal data of Facebook users in the EU. The protection and regulation of personal data have been a particular focus in the EU since the inception of the General Data Protection Regulation (GDPR) in April 2016. As I watched the Facebook CEO take on questions from each member of the European Parliament, I was reminded of the impending GDPR implementation deadline, which is in (gulp) three days. I was left wondering how ready our customers are.
You’ve heard the backstory of GDPR through various outlets here at Jungle Disk and probably other cybersecurity resources outside of Jungle Disk. Essentially, it replaces the EU’s Data Protection Directive, which was implemented in 1995, before the internet blew up as a hub of commerce. GDPR protects all kinds of personal data, including, but not limited to, names, addresses, ID numbers, web data, health data, biometric data and racial or ethnic data. It affects just about any company that stores, or even processes, personal information about EU citizens within the EU states, even if the business does not have a presence within the EU. That’s why it may affect you, even though you are not physically in the EU. If you handle customer data of citizens who reside in the EU, you are subject to GDPR.
By and large, Jungle Disk customers tend to be ahead of the game. If you are backing up your data with Jungle Disk encrypted backup, you are in a pretty good position. Should customers need you to provide them the data that has been backed up on your server or laptop, you should be able to pull up the data you need and send that to them. Better yet, you can even share it with them in a secure fashion in a shared encrypted disk in your network drive.
If you don’t already have email archiving enabled, be sure to ask a Jungle Disk representative about archiving your mail data. GDPR stipulates, “Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.” Therefore, internally, your company should always be asking exactly how long personal data is kept, what purpose it is being used for and when it should be disposed of. Email archiving allows you to set appropriate retention periods for segments of mail data, so that you keep data for only as long as you need it.
Password management is another way Jungle Disk can help you identify, control and secure the personal data of your EU customers. Team Password, Jungle Disk’s newest product addition, not only helps you store passwords and other confidential data (including personal data) in a centralized vault, but also provides key features, such as two-step verification, activity logging (which is critical for user audits) and secure ways to share passwords to ensure secure password management.
Ultimately, regardless of whether you are running a small business, medium-sized business or even an enterprise, we hope you are aware of the impending GDPR deadline and have a good data management plan to fall back on. If you don’t, be sure to contact us so we can help get you ready.