Client Data Protection.  Why should you care? 

Posted on September 17, 2019
Vice President of Business Development

Katheryn started her career in the tech industry at a startup, eventually moving into a position leading the technology team at an internet search firm. She brings expertise in enterprise software, strategic sales, go-to-market strategies, SaaS technologies and product marketing. A supporter of the arts, Katheryn is into museums and travel, especially to Disneyland, near her home in Orange County, California.


Many have heard of the dreaded acronym “GDPR”, and even if you haven’t, you most likely have been or soon will be affected by it.

What is it? The General Data Protection Regulation (GDPR) is long (99 Articles) and, in a nutshell, is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). It came into effect in May of 2018; however, many companies have not really considered the ramifications of GDPR and how it will affect their business.

Even if you do not do business with individuals in the EU, you most likely do collect their data in some way, shape or form, and if so, this applies to you.  And starting to adhere to some of the guidelines will get you prepared for similar laws that are starting to pop up in the US (California Consumer Protection Act). 

And honestly, it makes you a good Corporate Citizen, showing you care about your clients’ information, privacy, and their trust in your organization.

The main points to take away: 

  1. Be sure you have asked for consent to collect and store their data and be VERY clear with how you intend to use it.  You need to have a “lawful basis” to process the data, and only collect the information you absolutely need. 
  2. You cannot use the data for anything other than what you have originally stated. 
  3. Be sure you are adhering to standards and best practices for protecting and securing that data.
  4. If there is a breach, have a thoughtful and immediate plan to communicate the situation and the remediation steps to your clients. You must also make regulators aware within 72 hours of the event.
  5. Users of your website as well as clients can ask where and how their information is stored. They can ask for a copy of it. They can ask you to delete it. They can ask you to correct or update it. And they can ask that you discontinue or “pause” the use of their data, but not delete it.
  6. Make sure other vendors and companies that you work with, and possibly share data with, are compliant, and that you have a clear agreement on roles and responsibilities with regard to the data you collect.
  7. You must limit the storage of personal data to only as long as necessary to achieve the purposes for which the data was collected.
  8. There are some pretty hefty penalties that come with non-compliance or a breach. This can be upward of hundreds of millions of dollars, based on the infraction and size of the company. There is also a steep cost to your company’s reputation if you have a major breach or do not disclose how you’re using clients’ data.

Having a plan, using the built-in tools and technology (many come with products such as Azure and Office 365), and being extremely cautious with your clients’ data is not only a good idea from a compliancy standpoint, but also keeps you ahead of the curve on the future laws and legislation that are imminent in the US.

My initial suggestion would be to have someone in your organization start putting a Data Protection and Compliancy plan together, and to designate someone or a team as the point of contact should your clients have questions about the data you store for them. Don’t just say you care about protecting your clients and their data; really do it, and champion it within your organization.
