by jorge.cabaleiro

GDPR has been a hot topic in the last few months, and companies are often still trying to understand the impact of this new regulation on their day-to-day operations. In a previous blog post we spoke about the compliance problem of mainstream messaging apps when used in an enterprise environment. In this entry I would like to talk about the main points any enterprise should consider before deploying a communications tool:
- Keep the data where it belongs: to reduce risks, try to keep all contacts, conversations and files under control. This is especially important if you are recording calls or working in sectors that deal with sensitive information. The best place to store all this data is your own datacenter or private cloud. By doing so you will not have to worry about unknown data leaks or unclear third-party data processing policies that can harm your data protection policies.
- Track interactions: monitor how data and information move, what information is being kept and what has left the company, who had access to that data and whether any leaks happened. Having access to logs, chat history, shared documents and other interactions can help spot malicious activities. Make sure you know if information ended up in a country outside the EU and what specific information ended up there. This will allow you, if you are investigated, to prove that you are able to oversee how your company data flows.
- Restrict access to sensitive data: pay attention to who is accessing data. A properly configured UC tool can have different access levels depending on the department. This also ensures that the people who have access to that information are properly trained.
- Delete what you don’t need: if a client asks you to delete their data, make sure you can effectively do so. The same applies to old data you don’t need anymore. Be careful when working with third parties: sometimes it is not easy to know how long they might keep that data or for what purposes. Find a way to make sure that if a customer wants to be forgotten, all that information is truly deleted.
- Give your customers their data back: when dealing with personal information, your customers have the right to know what data is being stored and for what purposes that information is being kept. You also need to be able to correct information in case it is not up to date. Make sure you can access and correct all that data and that you can give your customer that information.