Note: This article is a guest post by Mailjet.
The countdown is on, with less than 100 days left before the General Data Protection Regulation (RGPD). You have probably already heard of it, it is the new european regulations on personal data protection which will come into effect on May 25, 2018. The GDPR will apply to all companies or entities, regardless of their country of origin, collecting or processing the data of European citizens.
Why is compliance with this new regulation so important for companies? Beyond the financial penalties (up to 20 million euros or 4% of turnover), non-compliance with the RGPD can jeopardize the reputation of a brand because consumers are increasingly concerned about their personal data and privacy. A study even indicates that 84% of French people would be ready to cancel a subscription to a service from a company that they do not trust.
In this context, the issue of data protection has never been so fundamental. To help you ensure the security and confidentiality of your customers' personal data, we will indicate in this article 3 good practices to follow.
1. Encrypt your emails
Encryption is one of the ways to protect the information contained in emails and thus meet the requirements of the RGPD. In order to really secure your emails, you need to encrypt two things: the message itself and the channel that sends the email.
To ensure proper encryption of your emails, you can use one of these tools, which support the OpenPGP standard: https://www.openpgp.org/software/. For example, you can try GPGTools which is natively integrated with Apple Mail and allows you to send end-to-end encrypted emails.
You can also encrypt the channel that guides your email from an A server (your sending server) to a B server (your recipient's server). This is the role of the TLS (Transport Layer Security) protocol. Note, however, that not all Internet service providers use TLS yet. So if you send a message encrypted with TLS, but your recipient's server does not follow this protocol, the encryption will not work.
Need help?
Reading content isn't everything. The best way is to talk to us.
2. Ensure the security of your servers
You must also make sure that your servers are secure. This is very important because they centralize a lot of data.
If you store the data on your own servers, you need respect the basic precautions such as limiting access to administrative tools and interfaces to authorized personnel only, adopting a specific password policy or installing critical updates. Also take note of what not to do, such as using the servers hosting the databases for other functions, including browsing websites, accessing email, etc.
You can also entrust thehosting your information at a data center. This represents a viable and sustainable solution. The choice of a data center is crucial since it will be difficult to change operator later on, or else face a more or less long interruption of service.
3. Verify the compliance of your suppliers
Last but not least! Because if there is a real awareness of the need to comply with the new European regulation, companies do not always realize that the suppliers used to process their customers' data must also be compliant with the RGPD. Make sure that your suppliers ensure the security and confidentiality of your customers' personal data.
To do this, we advise you to make a list of all the suppliers you use: emailing solution, CRM system, cloud hosting... For each supplier, identify the type of data concerned, the data protection measures in place as well as the person responsible for this data within your company. Then contact all your suppliers to determine their level of compliance with the RGPD. An effective way to do this is to send them a questionnaire to complete.
If vendors seem to meet the requirements of the GDPR, still check if you need to add new clauses in your contracts (limitation of liability clauses, additional security measures, audit rights...). And if a vendor is not suitable, then it's time to change. Working with a vendor that is not compliant with the GDPR puts your company's reputation at risk and exposes it to significant financial exposure for violating the regulation.
Things to remember
As the implementation of the RGPD is fast approaching, here are the best practices to follow in order to guarantee the security and confidentiality of your customers' personal data:
- Encrypt emails you send and receive to protect the information they contain.
- Be sure to follow all precautions to ensure server security on which your data is hosted.
- Check the compliance of the suppliers you work with and, if necessary, add new clauses to your contracts.
