GDPR: What it is and Why it Matters to Your Enterprise

GDPR bills itself as the toughest privacy and security law in the world. Any company that has customers, users, or data storage in the EU – no matter where they’re headquartered – has to comply with GDPR. For enterprise executives, IT professionals, and business users, this means knowing how GDPR impacts business practices and cybersecurity measures. 

Being GDPR compliant doesn’t just protect you from costly fines. It helps your enterprise implement a better set of technology and security practices to protect sensitive data. Implementing GDPR-level security also helps prevent hacks and data breaches that often result in a damaged brand reputation. 

Read on for an explanation of why GDPR exists, what it mandates, and how it affects businesses of all shapes and sizes. 


The Truth Behind GDPR

If you read the GDPR line by line, you’ll find a lot of legalese about things like personal data rights and consumer protection. But the reason for GDPR’s existence boils down to one simple fact. Hackers have breached – and continue to breach – high-profile corporations, businesses, and governments. The truth is, without massive cyber-intrusions like the one that cost British Airways £183.4 million in fines, GDPR likely wouldn’t exist. 

But GDPR goes far beyond penalizing companies that get hacked. The goal is to set a single standard for how all EU citizens’ data is collected, stored, and processed to protect those individuals. A political consulting firm in Italy was recently fined €50,000 for sharing confidential voter data with third parties in a non-secure fashion. 

“People’s personal data is just that – personal,” writes Elizabeth Denham, the UK’s Commissioner of Information. Denham’s statement was in response to British Airways’ careless practices that led to the 2018 data breach. “The law is clear,” she continues, “When you are entrusted with personal data you must look after it. Those that don’t will face scrutiny from my office to check they have taken appropriate steps to protect fundamental privacy rights.”

Denham issues a stern warning to businesses that handle sensitive EU citizen data of any kind. Banks must now take extra caution with how they store and process credit card information. Hospitals need to take similar precautions with how private medical information gets shared and handled within the building. 

Social media, digital advertising, and public services are other key industries impacted by GDPR.

At the end of the day, if your business collects, touches, or keeps data of EU citizens or customers, you’re at the mercy of GDPR.


GDPR’s Impact on Enterprises

Although GDPR affects sectors across the spectrum, there are common themes to how companies and brands will be impacted. Here are the three most critical areas that organizations need to be aware of in relation to GDPR security and compliance. 

1. Data Collection Methods

GDPR raises the bar significantly when it comes to how your company can legally collect private data from EU citizens. The law specifies that users must consent in “either a statement or a clear affirmative act.” Whether it’s filling out a form on your website or subscribing to an email list, businesses must make sure that there’s a clear opt-in for consumers. In most cases, GDPR also mandates that consumers then double-validate their consent in a separate email. 

2. Internal Secure Communication

Once data has been collected, companies also need to take a hard look at how sensitive information is handled, processed, or communicated internally. This includes how internal staff and employees transmit sensitive data during the course of their normal work. For example, a nurse in one wing of a hospital may want to send a patient’s test results to a surgeon using the hospital’s own private messaging platform. You’ll need to ensure that those private channels are GDPR-compliant, using technology like end-to-end data encryption keys. 

3. Human Resource Strategy

In many cases, sensitive information isn’t compromised because a hacker muscled their way into the system. Instead, it’s negligent employees who mishandle data – often unintentionally – that leave data exposed in violation of GDPR. Moreover, enterprise-scale businesses will likely have to appoint a Chief Data Protection Officer (DPO) per GDPR. These are two of the biggest ways that GDPR is likely to affect human resource operations within your business. You’ll need to conduct regular training to ensure your entire company is handling and protecting data in a GDPR-compliant fashion. And your DPO will be there to lead the strategy as well as liaise with regulatory bodies as needed. 

It’s not if GDPR affects your company. It’s when.

It feels like regulators are just getting warmed up when it comes to enforcing GDPR compliance. This includes companies like British Airways that have highly-publicized breaches, as well as companies that are simply not collecting, storing, and handling data up to standards. The key is to make GDPR a priority from the C-Suite down to everyday employees and work hand-in-hand with IT experts to ensure your entire technology stack has as few vulnerabilities as possible. 

It’s not if GDPR affects your company. It’s when. The sooner you get a handle on what GDPR is and how it applies to your business, the faster you can adjust your technology and business practices accordingly. 

The Risks and Rewards of Private Messaging Technology

Internal private messaging apps are on the rise for businesses, and for good reason. Doctors chatting with nurses on a different floor during a hospital emergency. Maintenance repairmen coordinating in the field using iPads.

No matter the industry or scenario, better communication almost always equals better results.

Enabling teams and employees to communicate and collaborate better seems like a no-brainer. But while the advantages to private message tech are immense, it’s critical to also be aware of the risks. Internal messaging can improve productivity and collaboration, but if you’re not careful, you’ll leave yourself open to things like cyber threats or compliance issues. 

Before you dive into implementing any private, internal messaging technology or apps within your enterprise, here are the risks and rewards you need to consider. 

Reward: Enhanced Collaboration 

One of the most significant features of private messenger apps and technology is that team communication can take place instantaneously. A standard feature of most secure enterprise messaging apps is the ability to segment users into specific group chats in the form of team or room conversations. 

This makes team communication and collaboration more instantaneous, productive, and dynamic. Rather than lengthy and confusing email strings – often containing people not relevant to the conversation – private messaging is clear and takes place in real-time. The ability to easily include things like photos and files, as well as tag other users, takes team collaboration to the next level.

Risk: Cybersecurity Threats 

Many enterprise organizations need to handle, work with, and transmit what’s considered sensitive and valuable information via B2B private messaging apps. Defence contractors or government military, for instance, might need to communicate classified information between teams to coordinate missions or activities. The same goes for other industries like the financial and healthcare sectors.

The problem is, hackers and cybercriminals recognise how valuable this information can be and often target private messaging users for cyber theft.

The reality is that not all internal messaging technology created is equal from a security standpoint, so choosing the wrong one can be fatal. For instance, many businesses aren’t aware that some supposedly “private” messaging apps are not end-to-end encrypted, and therefore extremely risky for businesses. 

Reward: Integration Capabilities

Nobody likes using a plethora of different apps, platforms, and communication channels to get their job done. But with traditional communication channels like email and phone, this often becomes the reality. Business users are stuck going back and forth between their email, customer relationship management (CRM), and other tools to simply log communication or find the information they need.

Most private messaging technology now integrates with a variety of different tools and systems to streamline day-to-day workflow and make life easier for everyone. Internal messaging integration capabilities are growing at a rapid rate that should only continue in 2020 and beyond. CRM systems, SQL databases, and chatbots are just the tip of the iceberg in terms of what private messaging integration will look like in the future. 

Risk: Data Ownership 

Data ownership isn’t just a concern – and hotly debated topic – in the consumer world. People who use apps like Facebook Messenger or WhatsApp are now realising that for the most part, they lack ownership over data communicated on those platforms. What many enterprise users fail to realise is that this is all too often the case with B2B messaging apps.

Private messaging app providers often use the cloud to facilitate internal communications on their platform. Therefore, you can’t be 100 per cent sure that data belongs to your business and yours alone. Aside from simply not being in sole control of all communication data that takes place, lack of ownership may prevent you from accessing prior messages in the event of an emergency because you’ll need legal permission. 

Reward: Better Recordkeeping

Emails get deleted, conference calls get forgotten, and physical documents get lost in the shuffle. Aside from the security issues that these communication channels present, there’s simply no reliable way to archive what was said on a consistent basis. Things are either deleted forever or kept semi-permanently in (most often) an unsecure fashion.

Internal, secure messaging apps change all this, allowing correspondence to be archived for safekeeping and future reference. Current group chats and strings are also easily searchable on most apps, making historical data easily accessible. Depending on your industry, this might also be critical from a compliance standpoint, as you may have to produce communication history to regulatory bodies on a moment’s notice.

Risk: Regulatory Compliance

Handling sensitive or private information in any way usually comes with some form of regulations to comply with. For instance, the European Union recently passed the General Data Protection Regulation (GDPR), requiring that companies meet certain privacy and security standards when using business apps.

Failure to comply with regulations like GDPR can be severe. German automotive maker Continental AG was recently investigated and banned from several private messaging platforms over concerns that the security of their private messaging platforms wasn’t GDPR compliant. Even more specific regulations apply to sectors like healthcare, finance, and defence, so a poor choice with your internal messaging app provider or usage could leave you at risk for regulatory issues.

Private messaging apps and technology provide a huge boost to businesses in many areas, including collaboration, integration, and productivity. But before committing to a platform, it’s important to recognise the potential risks. You’ll want to make sure that you have complete data ownership and that you meet all regulatory requirements like GDPR. Most importantly, you’ll need to ensure that your chats and communications are secure, fully encrypted, and completely out of reach from hackers and cybercriminals.

Four Encrypted Chat Myths You Need to Know

Businesses are more worried than ever about data privacy. Large corporations, social media platforms, and financial institutions have all suffered hacks recently. But enterprises still need to communicate and are turning to encrypted chat apps. The problem is, “encryption” might not mean exactly what you think it does.

Cybercriminal sophistication is increasing by the day. What was secure yesterday might not be secure tomorrow. But businesses that handle sensitive data via chat need top-level security. This goes for health, financial, or governmental defence sectors, for example. Unfortunately, there are certain misconceptions and myths about what encryption really means.

From defining end-to-end chat encryption to regulatory compliance, here are the top four myths you need to know.

1. End-to-End Encryption is Impenetrable

There are plenty of apps that boast “end-to-end” encryption. But as one cryptographer from Johns Hopkins University, Matthew Green, says: “Encryption isn’t magic. You can easily get it wrong. In particular, if you don’t trust the people you’re talking to.” Even if chats are end-to-end encrypted, an individual could take a screenshot, show the message to someone else, or mishandle the data in other ways. 

Today, the phrase end-to-end encryption is more marketing jargon than a specific product feature. When using an enterprise messaging app for business, there’s no guarantee that you’re fully protected from hackers and cybercriminals. For instance, many so-called secure “end-to-end” enterprise messaging apps sync data between devices and the cloud. 

Having data sent to the cloud gives hackers one more vulnerability point to potentially access private data. Often end-to-end encryption means that messages are indeed fully protected on your smartphone, iPad, or laptop. However, data often needs to be decrypted when it reaches the cloud. There are many highly secure enterprise messaging apps on the market, but to believe they’re invincible because they say “end-to-end” would be a mistake. 

2. Encrypted Chat Apps are Equally Safe

There are various encrypted apps on the market that look similar at first glance. But businesses often fail to recognize subtle differences in how they function. Encrypted chat apps use different technologies and take varying levels of security measures. If you take a “just pick one” approach to encrypted chat apps, you’re buying into myth number two. 

Some apps, for example, collect and store metadata on their own cloud servers. Others go out of their way to store very little. Metadata is high-level information about the chat, like who you talked to and when. So, although the contents of your chats aren’t accessed or stored by the app, metadata is still dangerous.

Hackers have stolen metadata from technology providers before to access private data. Chat apps are no exception. And metadata storage is only one aspect where apps differ. For example, the highest encrypted apps allow only sender and receiver to modify messages. Lower security apps don’t have this feature. It might be tempting to think that most business chat apps have similar security levels. But that’s just not the case.

3. Only Sensitive Info Needs Encryption

It’s common for many businesses and organizations to think, “I don’t handle top secret info in chat. So why do I need encryption?” Unfortunately, that’s exactly what hackers and cybercriminals want you to think. Even if your private, sensitive information is elsewhere, unencrypted chat is a liability. 

Hackers look for endpoint vulnerabilities or weak links in your cybersecurity chain. Even if the data in your chat isn’t what they’re after, it might still be valuable for other attacks. It can clue them into how to conduct phishing or social engineering attacks. Or figure out which individuals and emails to go after.

This myth is particularly dangerous to industries like finance, healthcare, and defence. The “Crown Jewels” in these cases are quite valuable. Credit card numbers, private health info, and government defence codes. It’s a huge mistake to think that only chats with this information need encryption. Instead, you should consider organization-wide encryption mandatory.

4. Encryption Always Equals Compliance

Many industries that work with sensitive data are subject to regulatory compliance. It’s part of the reason they take security so seriously and turn to encrypted chat for more privacy. Businesses then tend to assume that using an encrypted chat app is compliant. If a breach does occur, regulatory agencies will become involved. And they’ll take a hard look at whether your encryption app meets their standards.

The main issue with this myth is that many businesses don’t know the ins and outs of regulations. In some cases, they aren’t even aware of which regulations apply to their industry. The EU’s General Data Protection Regulation (GDPR), for example, has its own set of standards. And if you operate in fields like banking or healthcare, there are even more regulations.

The pain of believing this myth often comes after hackers have done their dirty work. Regulators will come in, analyse the root cause and assess the aftermath. If they find that your chat app wasn’t up to par – even if it’s encrypted – you could be in for hefty penalties. Never equate encryption with compliance. Always dive into the details and be 100 per cent positive.

Encrypted chat is an obvious security measure for most B2B enterprise communications. But don’t take a laissez-faire approach to choosing secure internal messaging tools. Encryption is a word that’s thrown around a lot, and it means different things in various contexts. Don’t assume that “end-to-end” means impenetrable. Recognise that encryption isn’t only for Top Secret military codes. And make sure the encrypted private messenger app you’re using is compliant to the letter.