“I was fined for violating GDPR. What should I do?”
The GDPR is already in place and has already begun to make its first “victims”. Many people doubted the existence of large fines, but the truth is that several European companies were fined due to legal failures. Among the main causes of fines are the following: undue access to data by an excessive number of users, breach of data integrity and confidentiality due to lack of preventive measures and inability to ensure the technical implementation of previous measures. Companies that are fined for failure to comply with the new legislation have a long way to go to regain the trust of their customers and other stakeholders. In today’s article, we leave some tips for getting back on the heels of a GDPR fine!
Inform your stakeholders
No company likes to show its weaknesses, but if there is loss of data in your company it is advisable to be honest with your stakeholders. It is important that you make a statement explaining what happened, what kind of attack you suffered, and what was the data that was lost. At a time when information protection is so important, companies have an obligation to notify the holders of personal data of any loss. It should also inform people about the measures they will take to prevent similar situations from happening again in the future.
Use a data masking solution
Data masking aims at creating a structurally identical version of the data, but not the same as the original version. This technique creates a database with fictitious but realistic information that can be used for testing and training purposes. Data masking solutions offer a variety of sophisticated scrambling techniques to protect sensitive data, irreversibly replacing them with data that is not real, while maintaining referential integrity of the database. It is increasingly important that companies adopt this technique, as computer attacks are increasingly sophisticated, which makes them more unpredictable and more lethal. Datapeers is a good example of a data masking product. Thus, even in case of theft or loss of data, the information lost will not be the real one and will not compromise the information of customers and suppliers.
Reformulate your security policy
The security policy is a document developed by the company that records the principles of security that the company adopts and that must be followed by the employees. The security policy should be applied to all information systems, both desktop and mobile. For policy to be respected, it is essential that top managers participate in its implementation. It should also limit access to information by its employees. Each employee should have access only to the data he really needs to work, because human error is one of the most serious causes for information leakage. Adding watermarks to sensitive files is also a good way to prevent private data theft and helps identify the source in case of loss. The loss of company data is the ideal time to reshape your way of dealing with data security.
Implement a way to recover data
It is very important to have a recovery service in the Cloud, so that even in case of computer disasters there is no total loss of data. RAAS, for example, is a dedicated infrastructure with selective replication. This service enables nearly instantaneous disaster activation on virtual servers in a remote environment. In this way, even in the case of more extreme disasters, the information is easily recovered, not interfering with the usual performance of the company. This is a proactive measure increasingly needed in today’s businesses.
GDPR focuses heavily on supervision and punishment, through the application of high fines for offenders. In cases of minor infringements, it may reach 10 million euros or 2% of the global turnover of the group where the company operates and in the most serious cases may reach 20 million euros or 4% of world turnover. So it is essential to know how to avoid the GDPR fines!
Marketing administrator
About the author