The General Data Protection Regulation, commonly known as GDPR, is an EU regulation meant to protect the personal data of individuals from misuse by the companies and organisations that collect and process it.

In light of recent events, with everyone talking about how companies protect the data their customers give them, a new law protecting that data from misuse is about to take effect in Europe: GDPR was adopted in 2016 and applies from 25 May 2018. Once GDPR is in force, companies will not only have to avoid misusing their customers’ data but will also be required to actively protect it. Information such as a customer’s address and credit card details will no longer be covered only by whatever protective measures the individual company happens to have in place, which may or may not be effective, but will have to meet a standard set by the EU: the regulation requires technical and organisational measures appropriate to the risk, and makes the company accountable for demonstrating that they are in place.

What does GDPR mean for the customer?

“We’re all going to have to change how we think about data protection.”

This was the main message Elizabeth Denham, the UK Information Commissioner, was trying to convey in her speech on GDPR. For starters, customers will receive greater transparency. In this day and age, when we are sharing more than ever but also starting to realize that this may not be the best idea, we are all concerned with how the companies we trust use our sensitive data. Instead of skipping the terms of use and hoping for the best regarding how the company protects our data, we can now rely on a regulator that presumably has our best interests in mind. This regulation has been long in the making: European companies have spent the last twenty years shifting from paper to digital under the 1995 Data Protection Directive, a law written before most of today’s data processing existed, and GDPR replaces it. As with any change, this one was overdue, and we wait to see whether the first version will have a positive effect in practice. While we consider the ups and downs GDPR will bring us, let’s talk about what your company should do about the switch.

Making a shift to GDPR

First of all, keeping up with the new regulations should definitely be your top priority, seeing that the fine for not complying can reach 4 percent of worldwide annual turnover for the preceding financial year or €20 million, whichever is higher. If the general wellbeing of your customers isn’t enough of an incentive, the fine should certainly make you reconsider your protection protocol.


Basic steps in GDPR compliance

  1. Understand the data. Where is it stored, how can it be reached, what can it be used for, who has access to it? Once you’ve gathered all this information, you need to secure and back up your data, decide who manages it and control their permissions. Another thing to note is that customers will now not only have the right to see and correct their data but also to have it deleted (the right to erasure) or handed over in a machine-readable form so it can be moved to another company (the right to data portability), so the data should be kept in as few places as possible and in a form you can export. Consolidating it in one managed store, for example a cloud database, avoids unnecessary dispersion of data. For controlling who can reach that store, Azure offers features such as the Azure SQL Database firewall, which restricts the addresses that may connect, and SQL Server authentication combined with per-user permissions.
  2. Protect the data. Security breaches are quite common these days, so your company must have potential attacks on its mind at all times. This also means preparing for the worst-case scenario: the data not only has to be well secured, but employees should also be trained on what to do in case of a data breach, since GDPR requires the supervisory authority to be notified within 72 hours of becoming aware of one. SQL Server and Azure SQL Database features such as Transparent Data Encryption, Dynamic Data Masking, row-level security and auditing can reduce the impact of a possible attack by limiting what an attacker, or an over-privileged user, can actually read. As I said, customers will from now on be able to see and, if need be, delete their data. This means you need to organize the data and have protocols in place that decide which data is retained in backups for recovery, for how long, and which can be deleted, so that an erasure request is honoured in the backups as well as the live system.
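The following T-SQL script is an added example, not code from the original post, showing how the two steps above can be put into practice on Azure SQL Database (it also runs on SQL Server 2019 or later, except for the firewall rule, which is Azure-only). The table, column, user, rule and IP-range names are assumed for illustration. A database-level firewall rule restricts which addresses can reach the data, a least-privilege user is created for the support team, the personal-data columns are labelled with SQL’s built-in sensitivity classification so they can be inventoried from the catalog later, the card number and e-mail are masked for anyone without the UNMASK permission, and the last two statements show a portability export and an erasure.

```sql
-- Added example (not from the original post). Assumes an Azure SQL Database
-- containing a hypothetical dbo.Customers table; every name here is illustrative.

-- Step 1: understand the data. Create the table and label which columns hold
-- personal data so the inventory lives in the catalog, not in a spreadsheet.
CREATE TABLE dbo.Customers (
    CustomerId       INT           NOT NULL PRIMARY KEY,
    FullName         NVARCHAR(200) NOT NULL,
    Email            NVARCHAR(320) NOT NULL,
    PostalAddress    NVARCHAR(500) NULL,
    CreditCardNumber CHAR(19)      NULL
);

ADD SENSITIVITY CLASSIFICATION TO
    dbo.Customers.FullName,
    dbo.Customers.Email,
    dbo.Customers.PostalAddress
WITH (LABEL = 'Confidential - GDPR', INFORMATION_TYPE = 'Contact Info', RANK = HIGH);

ADD SENSITIVITY CLASSIFICATION TO dbo.Customers.CreditCardNumber
WITH (LABEL = 'Highly Confidential - GDPR', INFORMATION_TYPE = 'Credit Card', RANK = CRITICAL);

-- Query the inventory: every classified column with its label and rank.
SELECT s.name AS schema_name, o.name AS table_name, c.name AS column_name,
       sc.label, sc.information_type, sc.rank_desc
FROM sys.sensitivity_classifications AS sc
JOIN sys.objects AS o ON o.object_id = sc.major_id
JOIN sys.schemas AS s ON s.schema_id = o.schema_id
JOIN sys.columns AS c ON c.object_id = sc.major_id AND c.column_id = sc.minor_id;

-- Step 1, continued: who can reach the data. Only the assumed office range
-- (RFC 5737 documentation addresses) may connect to this database.
EXEC sp_set_database_firewall_rule
    @name = N'OfficeOnly',
    @start_ip_address = '203.0.113.10',
    @end_ip_address   = '203.0.113.20';

-- Step 2: protect the data. Support staff get a contained database user with
-- read access only. Because the columns below are masked and this user is not
-- granted UNMASK, SELECT returns 'XXXX-XXXX-XXXX-1234' and 'aXXX@XXXX.com'
-- style values rather than the real card number and address.
CREATE USER support_reader WITH PASSWORD = 'Replace-With-A-Strong-Secret-1!';
GRANT SELECT ON dbo.Customers TO support_reader;

ALTER TABLE dbo.Customers
ALTER COLUMN CreditCardNumber ADD MASKED WITH (FUNCTION = 'partial(0,"XXXX-XXXX-XXXX-",4)');
ALTER TABLE dbo.Customers
ALTER COLUMN Email ADD MASKED WITH (FUNCTION = 'email()');

-- Right to data portability: hand one customer's record over in a
-- machine-readable format (run by a principal that holds UNMASK).
SELECT CustomerId, FullName, Email, PostalAddress
FROM dbo.Customers
WHERE CustomerId = 42
FOR JSON PATH, WITHOUT_ARRAY_WRAPPER;

-- Right to erasure: this removes the live copy only. Backups taken before this
-- point still contain the row, so the backup retention period must be
-- documented and the deletion honoured when those backups expire or are restored.
DELETE FROM dbo.Customers WHERE CustomerId = 42;
```

The masking is a convenience for reducing exposure to ordinary users, not a substitute for encryption: a principal with UNMASK, or with enough privilege to copy the table, still sees the real values, which is why the firewall rule and the least-privilege user matter as much as the mask. The classification labels are also what Azure’s data discovery and auditing features key on, so applying them early makes the later assessment of what you hold much cheaper.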

Help with GDPR assessment

Complying with the new regulations may sound complicated and tricky, and the fine is certainly something to cause you quite a headache, but with good organization you shouldn’t have any major problems moving from your existing protocol to GDPR compliance. As always, you can rely on Microsoft’s existing platforms to help you secure your customers’ data to the best of your capabilities. We use Azure RMS to keep our data safe. If you want to learn more about Azure RMS, read our article here. To assess your GDPR compliance and keep data safe and organized within your organization, head to Azure Data Classification. If you are still unsure about what this means for your company or how to put the required protocols into place, feel free to contact me at vedranh@outlook.com