Staff and your data

Staff and your data

Virtually every member of the UK workforce uses data of some kind. Since the enactment of the General Data Protection Regulations (GDPR) in May 2018, more people are aware of how they use data, and of the ramifications of data misuse. However, there are still many risks involved with the use of data in the workplace. So how—in a workforce that’s increasingly connected both at work and elsewhere—can you keep your organisation’s data safe?

How Does GDPR Affect Businesses?

GDPR is a set of regulations that pertains to all business that collect and handle personal data. In the UK, GDPR replaces the Data Protection Act (1998), which was developed back when the internet was still very new. In the last two decades, legislation has struggled to keep up with the rapid pace of technological advancement; GDPR was enacted in part to make sure that people have control over their personal information.

For the most part, GDPR is similar to the Act that it replaces. But now, personal data is more broadly protected. It’s also easier for individuals to find out what specific data an organisation has collected.

One side effect of this—for businesses and other organisations—is that there are now more stringent requirements for organisations that collect and handle personal data. And, there are greater penalties applied in cases where those requirements aren’t upheld.

Infringement of GDPR can result in:

  • A warning or reprimand.
  • A temporary or permanent ban on data processing.
  • Rectification, restriction, or erasure of data.
  • Suspension of data transfers outside the organisation’s home country.
  • An administrative fine. This can be as much as 4% of the organisation’s annual global turnover, or €20 million, whichever is greater.

What Steps Must You Take to Keep Data Safe?

Identify sensitive data. What data does the organisation have that must be protected under GDPR? And, what other kinds of data need to be protected? Trade secrets, financial information, research, employee records, and other kinds of data are all highly sensitive, for instance.

Identify how that data is stored and transferred. For all the organisation’s sensitive data, it’s vital to identify how the data is created or collected (i.e. what is the original source?), and where and how it is stored. It’s also important to consider how the data is moved, and for what purposes.

Identify who has access to the data. For every kind of sensitive data the organisation uses or stores, build a list of people who have access to that data. Who has access to view, edit, delete, or transfer the data? When people use the data, how long do they typically access it for? How frequently overall is the data accessed? All of these questions need to be considered when you’re deciding what kinds of measures should be in place to keep it safe. And finally, also consider if it’s possible to minimise the number of people who have access to sensitive data. The fewer the people who have access, the better.

Identify and implement strategies for protecting the data. Various kinds of data need to be protected in different ways. And the strategies you choose should depend not only on the type of data in question, but also on how it’s collected and moved, and on who has access to it.

Stay up-to-date. Implementing data-protection strategies is just the beginning. To make sure your organisation’s data is secure in the long term, the strategies you employ should be continually reviewed and updated.

Educate your employees. It’s not enough for management to understand data security practices. Every member of the workforce should also be aware of GDPR and the importance of correctly handling personal data. And everyone who has access to sensitive data should be trained in secure data-handling practices.

How Microsoft Enterprise can Help

Data security is a big concern for almost all organisations. But not all organisations have the budget and the employee expertise they need to be able to safeguard the data they collect. This can become a major problem if any data is leaked or stolen, or happens to fall into the wrong hands.

While this is an issue of major importance and impact, there is a simple solution: Microsoft Enterprise Mobility + Security.

This suite of security tools helps your organisation ensure all its data is kept safe and secure, including company data, employee data, and client and customer data. Mobility + Security comes with a wide range of features that help organisations of all kinds safeguard data from both external and internal threats. Some of these features include:

  • Safeguard corporate data “at the front door” with identity-driven security.
  • Manage apps and data—on Windows, Android, and iOS—from one central location.
  • Automatically classify and protect sensitive data, with protection that persists wherever the document goes.
  • Advanced behavioural analytics to identify persistent threats.
  • Backed by vast Microsoft research data to detect suspicious activity and cyber threats almost as soon as they happen.

One of the biggest advantages of Microsoft Enterprise Mobility + Security is how easy it is to ensure your data remains secure. As long as your Microsoft subscription is active, you’re protected—and the software is able to update automatically. This means that once it’s installed and configured correctly, you’re always protected from the latest cyber threats, without having to spend time downloading and installing updates.