Client Data Protection.  Why should you care? 

Posted on September 17, 2019
Vice President of Business Development

Katheryn started her career in the tech industry at a startup, eventually moving into a position leading the technology team at an internet search firm. She brings expertise in enterprise software, strategic sales, go-to-market strategies, SaaS technologies and product marketing. A supporter of the arts, Katheryn is into museums and travel, especially to Disneyland, near her home in Orange County, California.

Many have heard of the dreaded acronym “GDPR,” and if you haven’t, you most likely have been or soon will be affected by it.

What is it? The General Data Protection Regulation (GDPR) is long (99 Articles) and, in a nutshell, is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). It came into effect in May of 2018; however, many companies have not really considered the ramifications of GDPR and how it will affect their business.

Even if you do not do business with individuals in the EU, you most likely do collect their data in some way, shape or form, and if so, this applies to you. Starting to adhere to some of the guidelines will also prepare you for similar laws that are starting to pop up in the US (California Consumer Protection Act).

And honestly, it makes you a good Corporate Citizen, showing you care about your clients’ information, privacy, and their trust in your organization.

The main points to take away: 

  1. Be sure you have asked for consent to collect and store their data, and be VERY clear about how you intend to use it. You need to have a “lawful basis” to process the data, and you should only collect the information you absolutely need.
  2. You cannot use the data for anything other than what you originally stated.
  3. Be sure you are adhering to standards and best practices for protecting and securing that data.
  4. If there is a breach, have a thoughtful and immediate plan to communicate the situation and the remediation steps to your clients. You must also make regulators aware within 72 hours of the event.
  5. Users of your website, as well as clients, can ask where and how their information is stored. They can ask for a copy of it. They can ask you to delete it. They can ask you to correct or update it. And they can ask that you discontinue or “pause” the use of their data, but not delete it.
  6. Make sure other vendors and companies that you work with, and possibly share data with, are compliant, and that you have a clear agreement on roles and responsibilities with regard to the data you collect.
  7. You must limit the storage of personal data to only as long as necessary to achieve the purposes for which the data was collected.
  8. There are some pretty hefty penalties that come with non-compliance or a breach. This can be upward of hundreds of millions of dollars, based on the infraction and size of the company. There is also a steep cost to your company’s reputation if you have a major breach or do not disclose how you’re using clients’ data.

Having a plan, using the built-in tools and technology (many come with products such as Azure and Office 365), and being extremely cautious with your clients’ data is not only a good idea from a compliance standpoint, but also keeps you ahead of the curve on future laws and legislation that are imminent in the US.

My initial suggestion would be to have someone in your organization start putting a Data Protection and Compliance plan together, and to designate someone or a team as the point of contact should your clients have questions about the data you store for them. Don’t just say you care about protecting your clients and their data; really do it, and champion it within your organization.
