This is the sixth post in our blog series about the European Union’s General Data Protection Regulation, which came into full effect on 25th May this year (2018).
Last time we looked at how non-compliant customer communications archives need to be upgraded, or more accurately migrated, to meet the requirements of the GDPR. This time we look at the importance of keeping customer data protected. What’s different under the new regulations and what can be done to improve security?
It must be said that long before the new General Data Protection Regulation came into effect, security was at the top of the enterprise priority list. The large fines and inevitable bad publicity that follow a personal data breach have provided a deterrent for some time, even where the existing data protection legislation did not.
Under the GDPR, organizations continue to have a responsibility to ensure that they have the appropriate security measures in place to protect the personal data that they hold – known as the ‘integrity and confidentiality’ principle. However, there is now also clear accountability surrounding which particular measures have been adopted and, most importantly, specific legal requirements around how any security risk has been assessed and managed.
For large enterprises the challenge can be that their customers’ personal data may be contained in multiple locations and used by a number of stakeholders. For example, documents containing data may need to be accessed by customer service agents and multiple lines of business; they may need to be transferred offsite for printing, and will undoubtedly be processed through a content services platform or stored in a customer communications archive. For these companies a robust and practical solution is required, one that ensures the security of customer data both at rest and in transit.
One such solution is to encrypt all files containing customer data at the document or page level. Document level encryption removes a number of the risks currently associated with file encryption, where the data contained in multiple documents can be exposed to misuse once the file itself has been ‘unlocked’. With document level encryption, however, when there is a need to view, edit, process or transfer a file containing the document, only the relevant pages within it are decrypted, and only by the intended recipient who holds the appropriate key.
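To make the difference from whole-file encryption concrete, here is an added example (not Crawford Technologies’ code, and not a description of how its products work) in which every page is sealed under its own key derived from a master key, so releasing one page key opens that page and nothing else. The function names, the `batch-42` identifier and the sample pages are constructed for illustration, and an HMAC-SHA256 keystream with encrypt-then-MAC stands in for a standard AEAD such as AES-GCM so that the example runs on the Python standard library alone.

```python
import hashlib, hmac, os

def _prf(key, *parts):
    """HMAC-SHA256 over length-prefixed parts (unambiguous encoding)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        mac.update(len(p).to_bytes(4, "big") + p)
    return mac.digest()

def page_key(master, doc_id, page_no):
    """Per-page key; holding one page key gives no way to compute another."""
    return _prf(master, b"page-key", doc_id.encode(), page_no.to_bytes(4, "big"))

def _xor_stream(key, nonce, data):
    # Stand-in stream cipher: HMAC-SHA256 in counter mode (assumption; use AES-GCM in practice).
    ks = b"".join(_prf(key, nonce, i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt_page(key, aad, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    tag = _prf(_prf(key, b"mac"), aad, nonce, ct)  # encrypt-then-MAC, bound to doc/page id
    return nonce + ct + tag

def decrypt_page(key, aad, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), aad, nonce, ct)):
        raise ValueError("wrong key, wrong page, or tampered data")
    return _xor_stream(_prf(key, b"enc"), nonce, ct)

# Constructed sample: one print file holding statements for three customers.
PAGES = {1: b"Statement: A. Customer, account 0001",
         2: b"Statement: B. Customer, account 0002",
         3: b"Statement: C. Customer, account 0003"}

def build_archive(master, doc_id, pages):
    """Encrypt every page under its own key, so no single page key unlocks the file."""
    return {n: encrypt_page(page_key(master, doc_id, n), f"{doc_id}:{n}".encode(), body)
            for n, body in pages.items()}

def open_page(key, doc_id, n, archive):
    return decrypt_page(key, f"{doc_id}:{n}".encode(), archive[n])

if __name__ == "__main__":
    master = os.urandom(32)
    archive = build_archive(master, "batch-42", PAGES)
    k2 = page_key(master, "batch-42", 2)  # key released to page 2's recipient only
    print(open_page(k2, "batch-42", 2, archive))
```

In this arrangement the master key stays with the archive operator, and a recipient is only ever given the derived key for the pages they are entitled to read.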
Document level encryption can certainly help companies to minimize risk and improve data security, enabling them to achieve compliance not only with the General Data Protection Regulation but also with a number of other industry regulations such as PCI and HIPAA. Next time we look at other GDPR compliant ways to keep your customer data secure, particularly when documents are in transit.
Take a closer look at Crawford Technologies’ PRO Dynamic Document Archive and PRO Lockdown, which offer document level encryption, compression and indexing, making these solutions optimised not only for security but for the storage, retrieval and transferring of files.
This is part of a series of blog posts on GDPR. Read them all!
Your Enterprise Content Management System and GDPR
The General Data Protection Regulation
Transparency and Lawfulness – What does it Mean?
Fine Grained and Coarse Grained Records Management
Is Your CCM Archive Compliant?