General Data Protection Regulation: Protecting Both the Customers and the Employees

With the General Data Protection Regulation looming, organizations need to have stringent security policies and controls in place for protecting data.

9 September 2015

legal compliance

With the General Data Protection Regulation looming, organizations need to ensure that they have stringent security policies and controls in place for protecting personal data – especially information pertaining to their customers and employees.

According to the Council of the EU, the new General Data Protection Regulation will aim to both harmonize the current laws in place across the EU member states and provide a higher common standard of data protection. Under this new regulation, EU organizations need to know exactly where their data is stored, define exactly who has access to what data, understand the legalities of a data breach, and understand all potential security risks. These rules are designed to protect not only customers’ sensitive data, but also that of the organizations’ employees.

When people think about data breaches, the theft of customers’ passwords, credit card information, and other personal data is what comes to mind first. Many companies are already aware that they need to secure their customer information against theft; however, it is essential that they demonstrate the same mindfulness when dealing with their own employees’ data. In nearly every organization, each employee has an individual file where sensitive documents related to his or her employment are stored, including social security numbers, medical history, home addresses, information on their dependents, salary, and bank account details. Some organizations still rely on physical file storage locations for these files, which is not only extremely cumbersome but also poses a significant security risk to the employee.

With the EU preparing to intensify its regulations regarding data protection later this year, it is critical for companies to take the proper precautions to protect personal information – both their customers’ and their employees’ data. Otherwise, they could be subject to severe legal and financial ramifications. For instance, if an organization were hacked and an employee were to suffer identity theft as a result, the consequences would be very severe: the organization could be fined about two percent of its global revenue.

Preparing for the General Data Protection Regulation

Organizations need to act quickly to ensure that their current method of data storage is secure and compliant.

To help comply with these regulatory updates, and thus protect individuals’ information and data privacy, there are a few steps that organizations can take. First, organizations can consider a secure collaboration solution that provides the ability to set stringent permissions and controls over their data, defining precisely who is able to access what information. Second, organizations should store employee and customer information in a secure repository with strong security features that protect information wherever it travels, such as Information Rights Management (IRM) technology; IRM allows organizations to maintain lifetime control over content even after it leaves the firewall. Third, since organizations transitioning to the cloud may find it challenging to manage the varying data sovereignty and privacy requirements of different countries, they can look into solutions such as Customer Managed Keys (CMK), which allow them to retain full ownership of the encryption keys and thereby greater control over where their data is stored and who has access to it.

In short, organizations in the EU need to protect their customers’ data, as well as their employees’ data, now – before it’s too late.

Britany DiCicco

Britany DiCicco supports the enterprise product marketing team at Intralinks focusing on market analysis, positioning, messaging and go-to-market initiatives. Britany’s previous experience at Intralinks included analyst relations, competitive intelligence, and marketing. She graduated from Northeastern University with a degree in Economics.