Personal data: 3 ways for businesses to (re)gain customer trust
Data privacy is shaping up to be a central concern over the coming months. The start of the year saw the adoption of the long-awaited overhaul of European data protection laws, the GDPR (General Data Protection Regulation). On its heels came the announcement of Safe Harbor 2.0, the “Privacy Shield”, the new EU/US agreement on the handling, processing and movement of personal data between the two geographic regions.
High-risk industries like financial services and healthcare require full transparency but also the protection of critical business data, no matter where it is located, to protect citizens’ information. Personally Identifiable Information (PII) is very valuable, but it is most vulnerable while on the move.
It should be understood that each citizen has a role to play in terms of security. Knowing about security features, backing up our data, and keeping security software, operating systems, applications, and Internet browsers up to date are just a few of the precautions everyone should take on all of their devices. When these basics are not followed, or if we download and communicate personal information through the latest must-have app without being sure of its source, we are simply taking a huge risk with our own information. While more and more individuals are realizing what they need to do to keep their data secure, how can we be sure that it is treated correctly when it is released to businesses? In order to regain the trust of their customers and of public opinion, companies must work on several points.
1 / Ensure the transparency and confidentiality of data constantly
By properly respecting the privacy of users and customers, companies make trust possible. Appropriate policies, training and technologies must be put in place in this regard. In other words, you have to earn the trust of the customer. This is a big technological challenge – due to the rapid growth in data integration – facing business leaders, the data and privacy management team, and IT management.
Data is shared across the internet between the organizations that own it – both social media giants like Facebook and smaller companies that store data on European citizens – and the service providers with which they interact, such as government departments, payment processors, IT contractors, insurance companies, governments and cloud service providers. In the “borderless” enterprise, this data must remain secure wherever it goes.
2 / Control and encrypt data wherever it is, stored or in transit
GDPR and the Safe Harbor Pact are two examples of laws designed to protect personal data once it has left the hands of the individual or citizen and passed into the domain of businesses and public bodies. Complying with data protection regulations in the context of the “borderless” business implies thinking beyond the defensive perimeter.
The lines are blurry in defining what is “inside” and “outside” of that perimeter. Many external service providers are legitimately entrusted with assignments that require login information similar to that of internal actors with very high privileges. Additionally, in many industries, data needs to be moved outside of this trusted network. Health data is a prime example, and the maddening number of medical data breaches gives an idea of the size of the challenge. Encryption is the best way to limit access to protected data, because only people with the encryption key can read it. But once the data is in transit, there are other factors to take into account, especially when compliance with GDPR or specific industry legislation is a necessity.
3 / GDPR: Investing to achieve compliance
For businesses starting to tackle GDPR compliance, the message is clear: prepare to invest heavily to achieve compliance. According to a survey conducted by Ipswitch, Inc. of 300 IT professionals in Europe, nearly 70% indicate that their company will need to invest in new services or technologies to help it prepare for this new regulation. These technologies are: encryption tools (62%), analysis and reporting tools (61%), perimeter security (53%) and file sharing solutions (42%).
Two-thirds of respondents said complying with changing regulations is a burden on their business. Aligning data protection measures with modern practices – in the context of data globalization – is a clever balancing act. It’s clear that compliance comes at a cost, whether it’s investments in technology or time spent training staff. However, when we consider that the rationale for this data protection chore is to improve the protection of citizens from unscrupulous cyber attackers, the benefits of compliance outweigh the disadvantages.
Michael Hack is Senior Vice President of EMEA Operations, and has several years of experience in IT companies.
Before joining Ipswitch, Michael Hack was President of Sitecore, a world leader in customer experience management software. He was also previously Senior VP of EMEA & Global Sales for the Enterprise Search Group at Microsoft.