Who’s afraid of GDPR?

Everyone’s heard of GDPR and especially of the hefty fines that ignoring the regulation carries. Panic doesn’t improve information security, but a couple of easy steps do.

The General Data Protection Regulation or GDPR, designed to defend privacy, has been the subject of debates since it was approved in 2016. Sadly, attention has mainly been directed at the overestimated sanctions that ignoring the regulation will bring. These horror stories have certainly turned companies’ attention to information security issues, which is good, but GDPR doesn’t need to be the monster it now seems. Information security can be fixed with a few simple steps, and that’s why I want to ask you three questions that everyone dealing with data should answer.

1. What do I use the data I gather for?

The main idea behind GDPR is that people have the right to choose how data concerning them is handled. Simply, all use of data needs a clear reason: everyone has the right to privacy and you can’t just look at other people’s personal data. The first question about data use should then be: what do I use it for?

The line between private and public can be thin and it can be difficult to determine what data is necessary. Luckily, device management can help. Mobile management only shows the necessary data to a company, while leaving the rest visible only to the user. For example, the health and wellness data on iPhones is private, and companies like your operator don’t need it. Private mobile applications are also your own business as long as they’re secure. However, the information security of work-related apps is your company’s responsibility. By utilizing mobile management you can’t breach GDPR, not even accidentally.

2. Is your information security system up to date?

Because of GDPR, protecting information is no longer just recommended – it’s required, and mistakes are unacceptable. We carry smart phones everywhere and they’re especially vulnerable to information security breaches, because company e-mails and other data can be accessed through the phone. These active attack vectors, as experts call them, are everywhere – even common things like contactless payment carry risks. Mobile Protection easily manages mobile devices and their data, thus also sorting out your clients’ information security.

3. What if a mistake occurs?

Things don’t always go according to plan, and a common question concerning information security is: what do I do when someone’s breached the regulation by processing data incorrectly?

With GDPR, companies need to detect breaches that concern personal data, report them to officials and consumers, and minimize damage.

Don’t worry – you’re not the first one to make a mistake. Different information security mistakes are getting more and more common. With GDPR, companies need to detect breaches that concern personal data, report them to officials and consumers, and minimize damage. Prevention is always the best solution, but as in every crisis, there’s no use crying over spilled milk. It’s important to react to the mistake fast, communicate about it openly, and learn from it.

When a company handles information security well, it enhances their image and creates trust between the company and its clients. Because organizations can support the protection of personal data, I think that GDPR is more of a competitive advantage than a necessary evil. That’s why it’s actually a good thing for both individual people and companies.