Now that the EU’s GDPR has been in force for more than two years, Antoine Harb, Team Leader Middle East and North Africa at Kingston Technology, provides a reminder to businesses about their obligation to enforce stronger privacy protections and breach disclosure requirements.
At the onset of April 2016, the European Parliament approved the General Data Protection Regulation (GDPR), replacing its outdated Data Protection Directive, which was introduced way back in 1995. The legislation was brought into force on 25 May 2018.
The uniformity of GDPR makes it unique: unlike a directive, which allows each of the 28 members of the EU to adopt and customise the law to the needs of its citizens, GDPR requires full adoption with no leeway, making compliance compulsory for every country. It applies to any organisation holding data of European citizens.
All organisations in the Middle East and Africa with any connection to Europe, whether through customers, affiliates or business partners, are impacted by the GDPR. The steps for complying with the GDPR are supplemented by existing measures that many corporates in the region had adopted as a matter of good practice or to comply with local regimes.
Need for a law against data collection
A lot of organisations depend solely on customer acquisition via data collection, which helps them to target and retarget potential customers they failed to convert earlier. Google, Apple, Facebook and Amazon hold huge amounts of customer data and have frequently been under the scrutiny of their users regarding the amount of data these organisations seek. The introduction of GDPR plays a pivotal role in raising consumers' awareness of where they now share their data.
Antoine Harb, Team Leader Middle East and North Africa at Kingston Technology, said: “GDPR regulations would keep a lot of companies under check when it comes to regulating data. Also, GDPR could serve as a catalyst for nations in the Middle East to enforce stronger privacy protections and breach disclosure requirements.”
Organisations take a step forward in educating their employees
When such stringent laws are there to protect consumer data, it becomes imperative for organisations to instill ethics in their employees. An educated workforce is less likely to contravene good practice on data protection. It is a vital step in ensuring that your employees understand the moral code of conduct of not breaching consumer data.
Employees must be involved in the dialogue about how the organisations want to mitigate, manage and defend data protection issues.
Can IT departments better secure devices?
The IT department in an organisation is considered its neural network that keeps the company up and running. Data needs to be protected in transit, at rest and in use – it is critical to have an all-encompassing security, recovery and data erasure plan that covers all of these contexts.
There are various ways in which an organisation can make sure that its data isn’t getting compromised and can better take care of its customers’ data privacy:
Two Factor Authentication
In the quest to keep your data secure, Two Factor Authentication is the fundamental step an organisation can adopt. This step prompts the user to supply a password on two different devices, say a laptop and a cellphone, and only then lets them through to the information. It is a prudent way to keep yourself safe from phishing emails. It is always advised to use a complex, unique password along with Two Factor Authentication to better safeguard your data.
VPNs, encrypted SSDs and USBs
VPNs are increasingly popular with SMEs. A VPN works by creating a virtual network tunnel between an employee’s device and the company’s network. The data travels over the public Internet, but everything sent back and forth through the tunnel is protected by encryption and security protocols to help keep it private and secure. VPNs are particularly relevant for staff who access business data over public Wi-Fi networks.
With the advancement of technology, encrypted USB flash drives have made their way into the corporate sector, and they have been designed to protect data that requires ironclad security.
Kingston’s hardware-based encrypted USB flash drives like DT Locker+ G3, DT Vault Privacy, DT 2000 and DT 4000 G2 feature data protection solutions for mobile data inside and outside of an organisation’s firewall, giving them the extra edge in security that is essential in today’s uber fast world of data.
Deploying encrypted USBs and equipping your notebooks with hardware encrypted SSDs go a long way in resolving the challenges of remote working. If a device is lost or stolen, you can be confident no one will have access to the encrypted files. With select encrypted USB drives, you can even remotely destroy them.
Kingston’s Enterprise SATA 3.0 and NVMe Data Centre (DC) SSDs like DC 1000B M.2, DC1000M U.2, DC450R 2.5” and DC500 2.5” have been designed with a stringent set of development requirements and a thorough testing process. This results in consistency for workloads requiring a balance of high sustained random read and write IOPS performance.
The power failure features keep mission-critical environments up and running all day. Along with this, UV500 provides end-to-end data protection using 256-bit AES hardware-based encryption and support for TCG Opal 2.0 security management solutions, while KC600, KC2500, KC2000 and A2000 have features like TCG Opal and eDrive that meet the benchmark for industry-standard hardware encryption and drive management support.
How can tech providers improve processes and understanding?
Tech providers and organisations must facilitate an environment of digital cohesion and data cohesion within the organisation as well as with external suppliers and partners.
A Data Protection Officer (DPO) can be hired or delegated from within the organisation. This is vital as they would act as an independent advocate for the proper care and use of customer information. Tech providers must work closely with the DPOs to provide them with full visibility into a corporation’s security and data privacy landscape, which in turn would help the DPO to understand the customer data better.
Conclusion
The introduction of GDPR has regulated businesses by bringing data privacy and network security to the attention of the C-suite and consumers. Complying with the norms of GDPR requires proactive effort and attention to data security. An organisation’s formidability isn’t just based on the amount of data it possesses but also on how it regulates and respects that data. Reminding staff that there’s always a person behind the data can go a long way to embed a culture of data protection within your workforce.
With the globalisation of data sharing, it has become necessary to comply with the regulations set out by GDPR all across the globe. This has been hailed as a step in the right direction, as it inculcates digital ethics in the employees holding customers’ data and raises customers’ awareness of how conscientiously they share their data.