Client Data Protection.  Why should you care? 

Posted on September 17, 2019
Vice President of Business Development

Katheryn started her career in the tech industry at a startup, eventually moving into a position leading the technology team at an internet search firm. She brings expertise in enterprise software, strategic sales, go-to-market strategies, SaaS technologies and product marketing. A supporter of the arts, Katheryn is into museums and travel, especially to Disneyland, near her home in Orange County, California.

Many have heard of the dreaded acronym “GDPR,” and if you haven’t, you most likely have been or soon will be affected by it.

What is it? The General Data Protection Regulation (GDPR) is long (99 Articles). In a nutshell, it is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). It came into effect in May of 2018; however, many companies have not really considered the ramifications of GDPR and how it will affect their business.

Even if you do not do business with individuals in the EU, you most likely do collect their data in some way, shape or form, and if so, this applies to you. Starting to adhere to some of the guidelines will also prepare you for similar laws that are starting to pop up in the US (California Consumer Protection Act).

And honestly, it makes you a good corporate citizen, showing you care about your clients’ information, their privacy, and their trust in your organization.

The main points to take away: 

  1. Be sure you have asked for consent to collect and store their data, and be VERY clear about how you intend to use it. You need to have a “lawful basis” to process the data, and you should collect only the information you absolutely need.
  2. You cannot use the data for anything other than what you have originally stated.
  3. Be sure you are adhering to standards and best practices for protecting and securing that data.
  4. If there is a breach, have a thoughtful and immediate plan to communicate the situation and remediation steps to your clients. You must also make regulators aware within 72 hours of the event.
  5. Users of your website, as well as clients, can ask where and how their information is stored. They can ask for a copy of it. They can ask you to delete it. They can ask you to correct or update it. And they can ask that you discontinue or “pause” the use of their data without deleting it.
  6. Make sure other vendors and companies that you work with, and possibly share data with, are compliant, and that you have a clear agreement on roles and responsibilities with regard to the data you collect.
  7. You must limit the storage of personal data to only as long as necessary to achieve the purposes for which the data was collected.
  8. There are some pretty hefty penalties that come with non-compliance or a breach. These can be upward of hundreds of millions of dollars, based on the infraction and size of the company. There is also a steep cost to your company’s reputation if you have a major breach or do not disclose how you’re using clients’ data.

Having a plan, using the built-in tools and technology (many come with products such as Azure and Office 365), and being extremely cautious with your clients’ data is not only a good idea from a compliance standpoint, but also keeps you ahead of the curve on future laws and legislation that are imminent in the US.

My initial suggestion would be to have someone in your organization start putting a Data Protection and Compliance plan together, and to designate someone or a team as the point of contact should your clients have questions about the data you store for them. Don’t just say you care about protecting your clients and their data; really do it, and champion it within your organization.
