With discussions over the General Data Protection Regulation (GDPR) in full swing, companies all over the European Union should be preparing for stricter rules governing the protection of personal data. But as technology advances at a rapid pace, more and more companies are storing and processing their sensitive information in the cloud and on mobile devices—where security becomes a bit trickier.
The GDPR could become a reality as early as this year, and businesses must be prepared to abide by the new regulations just as the nature of work is changing. It’s as good a time as any to begin preparing for the switch.
The EU’s data protection reform has been a long time coming. Technology has become integral to business operations, and though the Data Protection Directive was just passed in 2012, it was already found to be in need of significant overhaul. There are some notable changes under consideration:
What does this mean for your business?
The new regulations are increasing accountability for keeping corporate and client data secure, and they’re restricting the way information is shared. By the same token, the tightened regulations aim to decrease the incidence of leaks and data breaches and improve the privacy of anyone whose personal information is collected for any reason.
Considering the fact that these changes are coming at a time when more and more professionals are syncing—and exposing—data on their mobile devices, negotiating privacy and security when it comes to the cloud and its vulnerabilities isn’t always clear-cut. True, if BYOD and file sync-and-share solutions are already being used in your organization, you’ve probably already given thought to the fact that the lack of default on-device encryption is a major problem. But if your business is already using the cloud and you haven’t yet addressed this security gap, the GDPR provides an opportunity to check on your security measures and bolster them, making sure that files are staying secure and impenetrable wherever they’re being stored, shared, or synced.
Frankly, even if your business isn’t using the cloud officially, chances are your employees already are—and that’s a problem. In the UK, 42 percent of office workers said they would use or purchase unapproved cloud services to get their work done, and 36 percent admitted to already having done so. The number is even higher for knowledge workers like engineers, doctors, architects, and lawyers: 60 percent of these said they would use unapproved cloud services without the IT department’s permission.
In the absence of an approved SaaS file storage solution, employees are bound to find workarounds. But if your business isn’t sanctioning cloud usage, it’s not controlling its security either. Popular cloud storage providers do not provide encryption protection once files are synced to mobile devices; instead, they’re only protecting the data at rest on their servers and in transit moving between your device and their cloud. So when an attorney syncs confidential client information from his Dropbox account to his phone to prepare for court, or a researcher syncs scores of genetic records to his tablet to be able to work from home, that information is unsecured and free for the taking should that tablet or smartphone get lost or stolen. More than 750,000 phones get stolen in the UK each year. Add to that the theft of tablets, flash drives, and laptops as well as inadvertent loss, and the astonishing number indicates that there’s an awful lot of unprotected information floating around out there.
So no matter how secure your business’ network and firewalls seem to be, the truth is that corporate data just isn’t being kept on the premises anymore. Executives must respond to that, now more than ever, as the GDPR prepares to clamp down.
What can you do to protect your data in the cloud?
As the GDPR changes loom, it’s imperative to start securing files, implementing strong security safeguards, and creating a smooth transition for your workforce.
Asaf Cidon is CEO and co-founder of Sookasa, a cloud security and encryption company that enables safe adoption of popular cloud services such as Dropbox and Google Drive to store sensitive information.