As the leader of an evolving organization, you’re expected to keep employee and customer data as secure as possible. However, aging technology and processes sometimes result in disconnects and even mistakes that interfere with regulatory compliance requirements. For example, the financial industry is rife with examples of tax and recordkeeping violations, and the penalties can range from hundreds to thousands of dollars.
So, what are common mistakes that cause otherwise responsible organizations in various fields to fall out of compliance when they make the move to new solutions? The following are some examples that you should avoid to minimize your risk of missing compliance requirements.
1. Forgetting about GDPR
The General Data Protection Regulation (GDPR) went into effect in May 2018, and while it primarily affects European companies, it also affects American companies that collect, maintain or process personal data for people living in the European Union. If your business has no dealings whatsoever with folks in the EU, that’s one thing, but in today’s global economy, it’s best to be ready if you decide to expand at some point in the future.
Regardless, these regulations are a good standard to strive for. They require that businesses be aware of the types of data they collect, stay ahead of security breaches and follow a clear, transparent consent process, among other things. For example, as an article in CSO explains, “Opting in for a mailing list does not give the small-business owner the ability to use a customer’s data for something else unless this is outlined. Individuals should also know how to withdraw from your database at any time.”
It’s a good idea to keep GDPR in mind as you move to the cloud.
2. Not checking out third parties thoroughly
It’s likely that your business is partnering with at least one vendor to implement and improve cloud solutions. Perhaps a managed services provider is handling this for you, or maybe your business uses an offsite data center. In both cases, it’s still your responsibility to ensure that vendors and other subcontractors follow the same compliance requirements you do, protect the data you entrust to them and maintain the same level of security.
3. Allowing BYOD without a tight policy
Bring your own device (BYOD) policies are popular in many businesses, but they can backfire if the policies don’t impose a strict set of security protocols. For example, requiring data encryption and strong passwords on every personal device is necessary to limit the security risk posed by the apps and software running on it. Make sure you have an adequate BYOD policy in place when moving to the cloud or allowing employees to use their own cell phones, tablets and computers.
4. Collecting unnecessary information
Many customers don’t think twice about turning over personal data such as Social Security numbers, even for something as simple as a fishing license. However, as a general rule, if certain pieces of customer data aren’t needed, don’t collect them. If you do have a good reason for collecting the data that you do, explain your rationale to customers and share how you’ll use their data.
Provided you also have a disaster recovery plan and give your employees adequate training, avoiding the four mistakes discussed here should put you in a good position to meet compliance requirements.
If you need help navigating the ever-changing landscape, you can always contact us. After all, shoring up your environment to meet compliance is vital to your success. Being aware of the security benefits that cloud computing offers will inform the steps you take to keep your company’s data as secure as possible.