Happy 2nd Birthday GDPR!
On 25 May 2018, after years of putting the GDPR together, the EU shook the proverbial cages of businesses around the world, and introduced the world’s toughest data privacy legislation.
The GDPR was set up so consumers could trust enterprises with their data, and to date, it is still the most complete set of rules to protect users.
Two years on, we see that the aim of the GDPR is a positive one, and it is pushing many private and public enterprises towards a much-needed digital transformation. However, many businesses are still not compliant.
A digital transformation can help enterprises be more productive, secure data, offer more efficient operations, and increase margins. That is why enterprises need to adjust to a world where employee-centric applications and productivity suites need to be made available to their workforce.
Enterprises from varied industries are turning to technologies such as Messagenius, a secure enterprise messaging app.
These secure messaging apps provide a private, secure, and GDPR-compliant communication tool that can help turn things around for enterprises of all sizes.
GDPR Compliance & Secure Enterprise Messaging Apps
While many are still struggling to meet the long list of GDPR requirements set out by the EU, there is a clear reason for its inception: companies need to provide a higher standard of security for personal data. To enforce this, enterprises are audited and fined should they not adhere to these regulations.
Amongst the many checkpoints, there is one regulatory requirement found in Article 25 of the GDPR that is proving to be one of the most difficult to solve: «data protection by default and design».
By default, companies/organisations should ensure that personal data is processed with the highest privacy protection (for example only the data necessary should be processed, short storage period, limited accessibility) so that by default personal data isn’t made accessible to an indefinite number of persons (‘data protection by default’).
Despite this, studies have found that 81% of workers reuse passwords across accounts, often sharing corporate and personal passwords via social media channels, and that over 600,000 Facebook accounts are hacked daily.
Using consumer-grade messaging apps to communicate official information is a huge risk for enterprises; the ramifications are endless and include costly data breaches, privacy breaches, and heavy fines under the GDPR. As such, enterprises need to look for a better option – a GDPR-compliant secure enterprise messaging app.
The Data Security + Data Privacy Equation
This equation comes down to a very simple set of rules:
- which data is protected
- how it’s protected
- whom it’s protected from
- who is ultimately responsible for that protection
Data security is about securing sensitive data, and you certainly do not need to be an IT manager or expert to understand that one. Data security primarily focuses on preventing unauthorised access to data via breaches or leaks, regardless of who the unauthorised party is.
Privacy, however, is concerned with ensuring that the data is used compliantly and with the consent of the data owner, whichever entity processes, stores, or transmits it.
Widespread communication and collaboration messaging apps, most obviously WhatsApp or Zoom, but also Telegram, Slack, or Signal, are secure, offering ‘end-to-end encryption’ so that third parties are unable to see your messages.
But how secure are they, and are they appropriate for professional use? Do their privacy policies exclude the possibility that they (Facebook, Zoom, etc.) can view your messages? Apps such as Telegram, Slack, and WhatsApp have access to far more of your data than we are usually aware of. These apps can see IP addresses, the location of the users, other files and apps installed on your phone/tablet/laptop, contact lists, photos, as well as audio recordings. Not to mention Alexa and Siri listening to you even if you’re not using your phone/tablet.
As Kalev Leetaru wrote for Forbes in 2018, “social media companies collect so much data even they can’t remember all the ways they surveil us.” That is another reason why the GDPR was introduced.
The core business of these consumer-based apps is to increase the number of users. Their success comes only in terms of the number of users and levels of interaction, so you could say it is volume over value, quantity over quality. Adoption/usability is everything.
What does this lead to? ‘Growth by design.’
Take something as small as the contacts list on a mobile device, for example.
Many employees who use consumer messaging apps for work will have ‘friendly’ and ‘professional’ contacts on their phones. These contacts are uploaded to the messaging app automatically. Do those professional contacts know, or have they given consent for this? Of course not.
How many times have private communications leaked to the public, even though WhatsApp may offer secure ‘end-to-end encryption’? Ask the likes of Jeff Bezos.
Simply put, these apps might be strong enough on security, but they do not offer the privacy options required for professional use.
Read more on Consumer vs Enterprise Messaging apps.
The Struggles of IT Decision Makers
A survey conducted by Vanson Bourne of over 900 senior IT decision-makers found that IT leaders are also struggling to comply with mandates from senior business leaders within their organisations.
“Nearly 80 percent of respondents stated their executive team believes it is the public cloud service provider’s responsibility to protect any data stored in public cloud environments, which is fundamentally incorrect,” said Rajamani. “This shows executives are confusing the availability of data with its recoverability. It’s the organization’s responsibility to protect its data.”
Other surprising data from the survey indicated that:
- 38% of non-compliant businesses do not understand when consent is required to hold and process data.
- 35% are unsure how they should monitor their employees’ use of personal data.
- 34% don’t understand what procedures are required to ensure third party supplier contracts are compliant.
- 21% of businesses admit that they still have no cybersecurity strategy in place.
However, smart, efficient, and transparent management is possible with the right tools.
Messagenius & GDPR Compliance Checklist:
- Messagenius does NOT store the address book of the user.
- Messagenius does NOT use or store data unless it is required to provide the messaging service.
- Messagenius does encrypt, pseudonymise, and anonymise personal data where possible.
- Messagenius provides comprehensive configurations and policies to protect data.
- Messagenius allows you to delete users and all related personal data.
- Messagenius guarantees commissioned data processing (processing on behalf of the controller) in compliance with the GDPR.
- Messagenius has a messaging archive that is fully searchable (with access by authorised persons only).
- Messagenius has audit logs and meets record-keeping requirements.
- Messagenius allows a designated person to be appointed to oversee GDPR compliance across the organisation.
Do you have questions regarding this GDPR checklist for a secure enterprise messaging app? Or would you like more details on how Messagenius provides all the GDPR requirements of data protection, security, and compliance? Contact us today.
To Wrap Up
Long before the GDPR, there were many data protection regulations in place. However, they were never taken seriously as a threat. The arrival of the GDPR has finally created a shift in the threat level to non-compliant enterprises, bringing a new age of serious sanctions against those who violate people’s right to privacy.
Two years on from the introduction of the GDPR, businesses still have steps to take to achieve compliance, and they need to address the challenges of handling data. But now they can get some help from secure enterprise messaging apps such as Messagenius: technology that can help enterprises manage their data more effectively, lower compliance risks, improve their competitive positioning, and create a happier and more productive workforce.
So, what are you waiting for? Get in touch with our dedicated team and get compliant today.