The problem with data, whether it’s a report, an email, a spreadsheet or any other file type, is that internal personnel have to deal with it, typically through the uses of multiple applications in different locations with no real control. This raises significant questions around how this data is stored, shared and analysed.
Every business must consider where and how their data is stored and shared, and make sure their processes are GDPR-compliant.
- Satya Nadella calls for global GDPR
- Majority of companies still aren't GDPR-compliant
- Tim Cook praises GDPR, warns about "weaponised data"
The first aspect to look at is the encryption level. Low standards of encryption make it easy to hack sensitive information. However, even a system that has bank-level security encryption is only as strong as the permission levels assigned to the people who need to handle the data. For example, even if there are platforms preventing spreadsheet data leakage, one can still take a picture of a computer screen.
Accountability and data governance are becoming more and more scrutinised. Consider this case: British bank Barclays (opens in new tab) sent an offer to purchase another firm in 2008 that hid—instead of deleted—nearly 200 spreadsheet cells, resulting in unnecessary losses.
This is the perfect example of how businesses need to take notice of Data Protection Day and increase awareness. It’s an important and essential day for data tracking and governance.
Dealing with data under GDPR
In light of GDPR, this has opened a can of worms for businesses and creating a sense of urgency to deal with them. Data is stored across different applications and locations, and with no control on what could happen to their customer data.
When GDPR came into force in the EU in May 2018, no-one knew how it was going to affect small businesses and corporations. But fast forward to a few months later and even the tech giants have not escaped the laws. This is highlighted most prominently by the recent case of Google being hit with a record fine for breaching GDPR rules – and sends a clear message that the regulations carry serious consequences when it comes to data protection.
The only way to guarantee security is military-style blocking access to networks and searching people going in and out of a facility. As business people, we can’t use military best practice so we have to strive for what can be realistically achieved: education, accountability and control systems for the inevitable bad apples.
As part of data protection awareness, the Information Commissioner’s Office (ICO) offers materials and internal marketing posters (opens in new tab) to ensure there is consistency across the company and that data protection is taken seriously. It’s a good starting point for all CEOs to question whether their company’s documents (emails, presentations, spreadsheets, etc.) are secure and to raise the issue across departments.
The human factor
In order to successfully implement data protection policies, we can’t ignore the elephant in the room: human errors. That’s why we need systems to help humans avoid mistakes, we need a sort of digital ‘safety belt’ to mitigate the risk of errors. To that end, cloud-tech has brought order to chaotic data environments by providing a single source of truth for data, automation and change tracking. For example, spreadsheets are known to contain some of the most sensitive and valuable data - whether customers’ data or financial forecast figures. Spreadsheets are particularly prone to uncontrollable sharing, inaccuracies and lack of accountability - through leaked email attachments, huge number of file versions, inability to understand who changed what and when, and so on.
Data protection days and GDPR play a vital role to raise awareness and encourage organisations to create new audit processes, to innovate and deploy state of the art technology that help them achieve a better, more effective and compliant data management.
Gianluca Bisceglie, Founder and CEO of Visyond (opens in new tab)