What is best practice data protection?
Direct marketing. Records management. Hand-written notes. Even CCTV footage. Data protection regulations are now all-encompassing.
With the introduction of the GDPR, individuals and organisations are more aware than ever of privacy rules. The GDPR is just one form of data protection legislation and these regulations will no doubt change in the future. However, they are not going away. Still, the day-to-day task of managing information security and compliance remains a major challenge. That's because the actions of just one individual can undermine an organisation's entire compliance process.
By way of example, it's month-end and your sales lead is ready to close a deal. He needs to send his customer a document detailing the terms. It contains sensitive information and company policy states it can't be sent by email. But with the customer about to board a flight, he has to be able to share it right now. So he sends the document via a public cloud app and the customer receives the link. At this point, any hacker could gain access.
Such an example is not just hypothetical. Major organisations have already lost personal data, been found to be non-compliant, and been fined by regulators. Worse still, they have lost the trust of their customers. So how do you allow the sales lead to share information without violating a compliance policy and undermining public trust?
At a holistic level, best practice includes:
- Classifying data properly - so you know whether or not it is sensitive.
- Protecting data - by applying protocols that allow people to keep working.
- Managing the lifecycle of information - keeping tabs on information as it is shared inside and outside the organisation.
Microsoft 365 covers all three areas to provide a robust basis for data protection and compliance.
Information is automatically classified based on whether it contains personal or sensitive data. Policies can be applied to datasets or files so users cannot decouple them. These policies (including encryption, location limits, etc.) are flexible so they do not hamper productivity. They can be enforced automatically or by prompting users to check whether they should be applied to a specific document.
There are also templates that allow IT teams to set up policies quickly for GDPR compliance. If data classified as sensitive is shared then this is flagged to security administrators.
With a best practice approach to data protection, your organisation will be ready for any new compliance rules while your people will remain productive.