Open menu
Resources & insights

GDPR compliance: how to overcome 4 of the toughest challenges

While 71 percent cite ‘the right to be forgotten’ as the most challenging GDPR compliance regulation, there are further, tougher obstacles on the horizon.

As well as urging businesses to keep in-depth data records, the GDPR demands companies take steps to safeguard their customers’ information. For your business, this may mean investing in improved software and infrastructure.

In this blog, we guide you through five GDPR compliance regulations and highlight the cloud-based solutions that will help you keep things in check.

GDPR compliance rule #1: No third parties

The GDPR states that data processors must only use data for the purposes the user has paid for. This means data usage must be transparent and customer data should not be sold to a third party without clear consent.

No more data hoovering (without consent)

In 2017, the public was understandably alarmed when they discovered that Roomba, the vacuum cleaning company, were using their robotic devices to map customer homes.

The implications of this discovery are worrying and raise the question of consent and data ownership.

While Roomba denied plans to sell the data, many remain unconvinced, concerned that their personal details have an increased chance of falling into the wrong hands.

Compliance in the cloud

When using Office 365, you can rest easy knowing that Microsoft will not mine your data for advertising purposes, or sell it to third parties. Using services such as Lockbox gives you unprecedented control over your customers’ records wherever they’re housed.

GDPR compliance rule #2: Data portability

GDPR states that all EU citizens have a right to data portability. This means that all software must allow data to be directly transmitted to another business at the individual’s request. Further to this, transported data must be easily readable and specific elements extractable. The use of open formats such as CSV files are recommended.

Compliance in the cloud

Making your data portable is more complex than it sounds. Companies with large datasets may find themselves wading through data lakes in order to transfer a customer to another provider. Thankfully, Master Data Services on Microsoft Azure simplifies your data organisation, allowing you to effectively group data into models and create logical rules for extraction.

GDPR compliance rule #3: Malware and Ransomware protection

GDPR compliance is a direct result of an influx in data breaches endangering EU citizens’ data privacy. While the causes of these breaches range from purposefully leaked files to improper disposal of hardware, many start with phishing attacks.

Beware the phish

The Data Breach Investigation Report found that 66 percent of malware linked data breaches can be linked back to phishing attacks. This means that if you open a malicious email you could be endangering your customers’ private data.

Compliance in the cloud

Having up-to-date malware protection is essential if you want to make your software GDPR compliant. While you may think your Antivirus software’s got you covered, multi-layered security is the best way to protect against attacks. Azure offers over 40 security certifications, the most comprehensive set of any cloud service provider. These include:

  • 24 hour physical security.
  • Centralised monitoring and alerts.
  • Penetration testing.
  • DDoS Defence.

Office 365 also includes Advanced Threat Protection, which protects your mailbox by evaluating content and alerting you to malicious attachments before you open them.

GDPR compliance rule #4: Reactive software

When dealing with potential data breaches, a speedy reaction time is essential. Under the new GDPR compliance laws, businesses have just 72 hours to report a data breach.

Many companies which have fallen victim to such attacks have been criticised for failing to react to the threat in a timely manner. This includes tech giant, Uber.

But how can you ensure your own data security is more proactive?

Compliance in the cloud

Azure Security Centre is constantly on the lookout for new security threats. Using behavioural analytics and statistical profiling, the Security Centre can alert you to any suspicious activities as they happen, allowing you to react to threats quickly.

(The Azure Security Centre dashboard allows you to monitor and respond to malicious activity in real-time. Source: Microsoft)

Ensuring Privacy by design

With the GDPR deadline looming many businesses are asking:

‘How can I make my data software compliant to the new rules?’

But we feel this is the wrong question. GDPR’s sole purpose is to force you to think differently about your customers’ data and to value data privacy above all else. Therefore, we urge you to ask instead:

‘How can I offer my customers the best data privacy?’

The answer does not lie in forcing compliancy in your current infrastructure, but instead seeking out quality services that implement ‘privacy by design’. Microsoft Azure is the perfect example of this philosophy, with compliance and security built into the cloud architecture. You can also integrate your own security and networking policies for added protection.

To discover how the cloud can help get your company get GDPR compliant, check out 10 questions you should be asking today.

Topics: Cyber security

Related posts

Blogs

Azure vs AWS: Which cloud packs the biggest clout?

Read more

Blogs

How can law firms stop unauthorised sharing of sensitive documents?

Read more

Blogs

These real-world data breach examples will make you rethink your data strategy

Read more
Back to resources & insights

We’re here to help

If you want to achieve better outcomes for your business through a more intelligent use of technology, talk to us.

Contact us