You already know that data storage and security matter. What you may not know is that the stakes are higher today than they were even a few years ago, and not simply because more sophisticated threats appear on a regular basis.
There is also the need to comply with regulations that have recently come into effect. If your business has an international presence, or even just attracts customers or visitors from around the world, these regulations affect how you collect, store and protect data.
Here are some basics you should know about GDPR, and what you can do to store and protect the personal data you hold, in order to keep your small business out of trouble.
What is GDPR?
The General Data Protection Regulation (GDPR) is an EU regulation, in force since 25 May 2018, that governs how personal data is collected, processed, and stored. Its focus is on data relating to individuals in the European Union, but don’t assume that it only applies to businesses with a physical presence there.
If your operation, including the web hosting for your website or store, is based outside the EU but offers goods or services to people in the European Union, or monitors their behaviour (for example through analytics or ad tracking), GDPR applies to you. The test is not citizenship or the location of your servers: an EU resident who buys from your store or signs up for your newsletter is enough to bring that data into scope.
The Goal: Consumers Control Their Own Data
There are several GDPR requirements that pertain to data management, security, and disclosure. One of them is breach notification. Once you become aware of a personal data breach you must report it to the competent supervisory authority within 72 hours where feasible, and tell the affected individuals without undue delay if the breach is likely to put them at high risk. The clock starts when you become aware, so you need logging and monitoring good enough to notice a breach in the first place. This is separate from US state breach-notification laws: every US state has its own statute with its own triggers and deadlines, so a breach affecting customers in several states means reporting under each of those laws in addition to GDPR.
Consumers also have the right to erasure, often called the right to be forgotten. In other words, you are required to organize your data so that one person’s records can be found and wiped from the system when they submit a request. That means you must know where personal data about each customer lives, including copies in backups and at any vendor that processes data on your behalf, and be prepared to remove it from all of those places (some records, such as invoices you are legally required to keep, may be exempt, but you need to know which ones and why).
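One way to organise a database so that an erasure request can actually be honoured is to give every table that holds personal data a common subject identifier, delete across all of them in a single transaction, and keep only a keyed hash as a tombstone so you can later prove the erasure happened without retaining the person’s details. The following is an added example, not code from the original article; the schema, table names, sample rows and the tombstone key are constructed for illustration.

```python
"""Right-to-erasure helper for a small business database.

Added example, not code from the original article. The schema, table names,
sample rows and the tombstone key are constructed for illustration.
"""
import hashlib
import hmac
import sqlite3
from datetime import datetime, timezone

# Every table that holds personal data carries a subject_id column, so one
# routine can find and delete a person's records without per-table logic.
SCHEMA = """
CREATE TABLE subjects    (subject_id INTEGER PRIMARY KEY, email TEXT UNIQUE, name TEXT);
CREATE TABLE orders      (order_id INTEGER PRIMARY KEY, subject_id INTEGER, total REAL);
CREATE TABLE newsletter  (subject_id INTEGER, opted_in INTEGER, consented_at TEXT);
CREATE TABLE erasure_log (subject_hmac TEXT, erased_at TEXT, rows_deleted INTEGER);
"""

# Tables that contain personal data. The erasure log is deliberately not here:
# it stores only a keyed hash, never the identifier itself.
PERSONAL_DATA_TABLES = ("subjects", "orders", "newsletter")

# Assumed secret; in production load it from a secrets store, not source code.
TOMBSTONE_KEY = b"replace-with-a-real-secret"


def tombstone(email: str) -> str:
    """HMAC of the normalised e-mail. Lets you prove later that an erasure
    happened for a given person without keeping their e-mail on file."""
    return hmac.new(TOMBSTONE_KEY, email.strip().lower().encode(), hashlib.sha256).hexdigest()


def new_db() -> sqlite3.Connection:
    """In-memory database seeded with constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO subjects VALUES (1, 'alice@example.com', 'Alice')")
    conn.execute("INSERT INTO subjects VALUES (2, 'bob@example.com', 'Bob')")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)",
                     [(10, 1, 19.99), (11, 1, 5.00), (12, 2, 42.00)])
    conn.executemany("INSERT INTO newsletter VALUES (?, ?, ?)",
                     [(1, 1, "2018-06-01"), (2, 0, "2018-06-02")])
    conn.commit()
    return conn


def erase_subject(conn: sqlite3.Connection, email: str) -> int:
    """Delete every row tied to the person in one transaction and write a
    tombstone. Returns the number of rows removed (0 if the e-mail is unknown)."""
    row = conn.execute("SELECT subject_id FROM subjects WHERE email = ?",
                       (email.strip().lower(),)).fetchone()
    if row is None:
        return 0
    subject_id, deleted = row[0], 0
    with conn:  # commits on success, rolls back if any statement fails
        for table in PERSONAL_DATA_TABLES:
            # Table names come from the fixed tuple above, never from user input.
            cur = conn.execute(f"DELETE FROM {table} WHERE subject_id = ?", (subject_id,))
            deleted += cur.rowcount
        conn.execute("INSERT INTO erasure_log VALUES (?, ?, ?)",
                     (tombstone(email), datetime.now(timezone.utc).isoformat(), deleted))
    return deleted


def was_erased(conn: sqlite3.Connection, email: str) -> bool:
    """Answer 'did you really delete my data?' from the tombstone alone."""
    row = conn.execute("SELECT 1 FROM erasure_log WHERE subject_hmac = ?",
                       (tombstone(email),)).fetchone()
    return row is not None


def rows_referencing(conn: sqlite3.Connection, subject_id: int) -> int:
    """Audit check: count rows in personal-data tables that still point at an id."""
    return sum(conn.execute(f"SELECT COUNT(*) FROM {t} WHERE subject_id = ?",
                            (subject_id,)).fetchone()[0] for t in PERSONAL_DATA_TABLES)


if __name__ == "__main__":
    db = new_db()
    print("rows deleted:", erase_subject(db, "alice@example.com"))    # 4
    print("still referenced:", rows_referencing(db, 1))               # 0
    print("tombstone present:", was_erased(db, "alice@example.com"))  # True
```

Two points worth noting. The `rows_referencing` check is the kind of thing an auditor will ask for: run it after every erasure and alert if it is non-zero. And this script only covers the live database; the same routine, or a documented equivalent, has to exist for your backups and for each vendor that holds a copy, otherwise the "forgotten" data is still sitting somewhere you can be asked about.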
How Does It Affect My Business?
The GDPR affects the way your company receives, uses, and stores data. You need a lawful basis for each use, and for marketing e-mail, text advertising, and similar outreach that normally means explicit, opt-in consent. Pre-ticked boxes and silence do not count, and you must be able to show later what each person agreed to, when, and how. That may mean changing the forms and processes you use to collect data and to record permissions for your opt-in lists.
You’ll likely need to take a second look at the way you store, sync, and archive data. Even if your current approach works well, it can probably be improved. Reading the provisions of the GDPR against a written inventory of what personal data you hold, where, and why, is the quickest way to see whether your current precautions are enough or whether it’s time for upgrades, additions, or changes.
GDPR and Privacy Tools
By some estimates, more than 25% of online users access the internet through a privacy tool known as a virtual private network (commonly called a “VPN”) in order to ensure maximum data privacy and personal anonymity. It’s an industry on the rise, and one that would seem to be greatly in favour of new regulations requiring customer-centric data handling.
The point of contention is activity logs. Most VPN providers claim they keep no logs, but only a few can actually uphold that standard, often through no fault of their own. Governments and law enforcement agencies may force them to keep track of who uses their service, when, and where they go online, and then hand over that information on request.
With GDPR in effect, keeping activity logs might become a thing of the past. Until we see how this shakes out, though, expect the new regulation to run up against data-retention rules from countries like the US, China, and Russia.
Business owners should read VPN reviews from a variety of sources, focusing in particular on whether the recommended providers keep activity logs and where their servers are located (inside a restrictive country or not). If you already subscribe to a service, check its privacy policy for details on how it handles data. Remember, too, that under GDPR any vendor handling personal data on your behalf is a processor, and you need a written contract with them that covers that processing. The bottom line is that your business is only as secure as the vendors you use.
Some countries have banned or restricted VPN use outright, and the list keeps growing, so check the rules for any country your staff will be connecting from.
What Options for Data Storage Should I Use?
One of the more common mistakes business owners make is assuming that a single copy of their data held off the network is enough. The usual guideline is the 3-2-1 rule: keep at least three copies of your data, on at least two different types of media, with at least one copy held off-site and, ideally, offline or otherwise unreachable from your network. A copy that an intruder on your network can reach is a copy they can encrypt or wipe along with the original. The methods you choose must also keep future storage needs in mind, and must still let you find and delete one person’s records when an erasure request arrives.
Cloud Storage
Cloud storage is an excellent option for data storage and protection. While many business owners choose it for access to their data from anywhere, the protection aspect matters too. If your primary system is breached and the data is corrupted, the ability to retrieve a clean copy from the cloud and have your network running again quickly reduces downtime and inconvenience to your clients. One caveat: a sync folder is not a backup. If ransomware encrypts the files on a laptop, the sync client will faithfully upload the encrypted versions, so choose a service that keeps versions or point-in-time snapshots you can roll back to.
Security is key when choosing a cloud vendor. Along with a login process that is hard to break (which today means multi-factor authentication, not just a strong password), you want to know that the vendor takes appropriate measures to prevent a breach: where your data is physically stored, whether it is encrypted in transit and at rest, who holds the keys, and whether they will sign a data processing agreement with you. Reputable providers should be happy to answer these questions.
External Hard Drives
As old-fashioned as they may seem, there’s still a place for external hard drives in today’s world. Routine backups, much like the tape backups companies used to run, ensure that even if a breach occurs, only data generated since the last backup is at risk. Even if the intruder alters or corrupts the data on your server, you can rebuild the server and restore everything from the external drive. Two conditions apply. The drive has to be disconnected between backups; a drive that stays plugged in is just another volume for ransomware to encrypt. And it should be encrypted, because a lost or stolen drive full of customer records is itself a breach you may have to report.
Secondary Servers
The use of outside storage does not eliminate the need for a backup server in-house. A second server can be isolated from the network the moment the primary is breached, which lets your team contain the problem before shutting down the corrupted server and switching all functions to the backup. If the primary server is a total loss, restoration is a lot easier, and you may resolve the issue before any clients are affected. Bear in mind that a standby which replicates continuously from the primary will replicate the corruption too, so it also needs point-in-time snapshots you can roll back to.
USB Drives
If an external hard drive doesn’t suit you, there’s another approach: backing up personal and business data to a USB flash drive. This solution is portable, easy to use, and can be tucked away in a safe place. Storing the drives off-site after each backup can be inconvenient, but the fact that they are self-contained and, while disconnected, out of reach of an intruder on your network makes them a good option. The same rules as for external drives apply: encrypt them, keep track of where each one is, and remember that a drive left plugged in is no longer isolated.
Remember, two copies are not enough. If that’s all you have, bump it up to at least three, on different media, with one off-site, and test that you can actually restore from each of them. All it takes is one data breach to make the effort worthwhile.
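The “restore from a clean copy after an intruder corrupts the data” scenario described under External Hard Drives, and the multiple-copy rule above, both depend on being able to tell a clean copy from a tampered one. The following added example (not code from the original article; the directory layout, sample files and manifest format are my own) writes a SHA-256 manifest alongside each backup copy, verifies a copy against its own manifest, and then cross-checks two independent copies against each other, which is the check that still works when an intruder had write access to one copy and rewrote its manifest as well.

```python
"""Backup copies with an integrity manifest, plus the checks you run before
trusting a copy for restore.

Added example, not code from the original article. The directory layout, the
sample files and the manifest format (relative path -> SHA-256) are my own.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST = "MANIFEST.sha256.json"


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def digest_tree(root: Path) -> dict:
    """Map every file under root (except the manifest itself) to its digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file() and p.name != MANIFEST}


def make_backup(src: Path, dest: Path) -> dict:
    """Copy src to dest and record a manifest alongside it. Returns the manifest."""
    if dest.exists():
        shutil.rmtree(dest)
    shutil.copytree(src, dest)
    manifest = digest_tree(dest)
    (dest / MANIFEST).write_text(json.dumps(manifest, indent=1, sort_keys=True))
    return manifest


def verify_backup(copy: Path) -> list:
    """Files whose content no longer matches that copy's own manifest:
    changed, deleted, or added since the backup ran. Empty list = intact."""
    expected = json.loads((copy / MANIFEST).read_text())
    actual = digest_tree(copy)
    return sorted(rel for rel in set(expected) | set(actual)
                  if expected.get(rel) != actual.get(rel))


def diverging_files(copy_a: Path, copy_b: Path) -> list:
    """Cross-check two independent copies by recomputing digests, so a
    tampered manifest on one copy cannot hide the change."""
    a, b = digest_tree(copy_a), digest_tree(copy_b)
    return sorted(rel for rel in set(a) | set(b) if a.get(rel) != b.get(rel))


def demo() -> tuple:
    """Constructed run: take two copies, corrupt one, see both checks catch it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        live = root / "live"
        (live / "customers").mkdir(parents=True)
        (live / "customers" / "list.csv").write_text("id,email\n1,alice@example.com\n")
        (live / "config.ini").write_text("[db]\nhost=localhost\n")

        onsite, offsite = root / "backup_onsite", root / "backup_offsite"
        make_backup(live, onsite)
        make_backup(live, offsite)
        clean = verify_backup(onsite)

        # Simulate an intruder altering the on-site copy after the backup ran.
        (onsite / "customers" / "list.csv").write_text("id,email\n1,mallory@example.net\n")
        tampered = verify_backup(onsite)
        diverged = diverging_files(onsite, offsite)
        return clean, tampered, diverged


if __name__ == "__main__":
    print(demo())  # ([], ['customers/list.csv'], ['customers/list.csv'])
```

In practice the off-site copy should be one the on-site intruder cannot write to (a disconnected drive, or cloud storage with versioning or object lock), because `diverging_files` only tells you the copies disagree; it is the independence of the second copy that tells you which one to trust. Run `verify_backup` as part of every scheduled backup and before any restore, and treat a non-empty result as an incident, not a glitch.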
Final Thoughts
Remember that data breaches are costly in more than one way. Inadequate protections can trigger fines (under GDPR, up to €20 million or 4% of worldwide annual turnover, whichever is higher) and other forms of censure, and they certainly have the potential to harm your company’s reputation. Complying with GDPR will reduce the risk of losses that could affect the company for a long time to come. Now is the time to make sure you thoroughly understand GDPR and determine what you need to do to remain in full compliance.
Dan Fries is a freelance writer and full stack Rust developer. He looks for convergence in technology trends, with specific interests in cyber security and micromobility. Dan enjoys snowboarding and is based in Hong Kong with his pet beagle, Teddy.