Digital Hygiene in a GDPR World
August 16, 2018
March 31, 2020
A year ago, digital hygiene recommendations would have been updating your password, backing up your data, making sure all your apps & operating systems were upgraded to the latest versions or checking on your subscription statuses to stop automatic renewals. That was a simpler time. With GDPR live in the EU, California passing its GDPR-like privacy law that goes into effect January 2020, and privacy and data breaches still making headlines daily, consumers & companies live in a new world.
Today, organizations need to worry about meeting strict regulations like GDPR’s Right to be Forgotten. Consumers have the right to ask a company to remove all their personally identifiable information (PII) from its possession. If a user in France wants Facebook, Google, or Microsoft to delete all the information they have, the user can request it. Companies are then required to remove all the PII they possess.
Companies can remove entries in the database rather easily. Removing John Smith from the database is simple enough. However, companies have troves of data sitting on employee computers, synced to official and non-official cloud storage locations, and even sitting on messaging app servers like WhatsApp & Telegram. If a company lost possession of a spreadsheet with John Smith’s information, the company would still be liable for GDPR fines.
Often exports from the database are shared with third parties for marketing campaigns, sales follow-up, and support. Now both the company and the third party are at risk of GDPR fines.
Digital Hygiene for the privacy-focused world enables companies to prevent such risk.
Since there is a single source of truth for the company, the central database must always be compliant. However, how can companies restrict the usage of potentially risky documents once the data leaves the primary database? Do companies even know where the information is?
Fortunately, there is a new solution available to help companies meet complicated restrictions like GDPR’s Right to be Forgotten. However, it’s going to sound like a scene from the latest Mission Impossible movie.
SecureCircle’s data-centric protection solution enables companies to disable access to files at any time regardless of the location of the data. In the specific GDPR case, automated rules can be established to disable data after a set time. All files exported from the database that are older than one week can be disabled. Users within the company will receive an error that the content has expired, forcing the users to re-export the data from the database. Now the local spreadsheet no longer contains John Smith’s PII.
Time to improve your digital hygiene.