Modern businesses handle a lot of data, with volumes growing exponentially. As companies strive to keep pace, the challenge of better managing and protecting data, as well as making it more accessible without compromising security, is ongoing. Here’s how to get to grips with data management and security for your business:
Control where your data is and how it’s stored, shared and accessed
Data restrictions related to regulatory compliance and governance must also be taken into consideration when storing and organising data.
Understanding Your Data
Businesses must gain an understanding of what data requires protection and the appropriate level of protection. This involves knowing where your data resides. It involves knowing what the data is. It then involves determining appropriate categories for that data, identifying its various levels of sensitivity, and outlining procedures that allow appropriate employee contact with that data. If this is done, the business is, in effect, operating within a framework of good data management that will also greatly help in operating within a framework of compliance if the data is regulated.
Companies must understand what data needs to be protected and classify data based on sensitivity. At a minimum, three levels of classification are needed.
Recommended Reading: 5 Key Things About Data Not to Miss in the GDPR
1. Sensitive
This is the most sensitive data that could cause great risk if compromised. Access has to be very controlled, restricted and monitored.
2. Confidential or Private
This is moderately sensitive data that would cause a moderate risk to the company if compromised. Access is usually internal and restricted to the department or team that owns or controls the data.
3. Public
This is non-sensitive data that would cause little or no risk to the company if accessed.
By understanding what you’re trying to protect, and creating a strategy to protect each level of data appropriately, companies can adequately secure and gain control over their data.
The strategy needs to take into account where data is stored, its security levels and access levels with choices such as storing locally or in the cloud, encryption levels for data with different sensitivities and the ability to manage admin and access rights to different levels of data. Sharing data with different levels of sensitivity over public networks also needs to be factored in.
Recommended reading: The Costs of a Data Breach May Shock You
Here are 7 simple steps to get to grips with your data and how you manage it.
1. List all the locations your data is stored
Start by making a detailed list of where all the data is stored. Having this also means that if you get a Subject Access Request (SAR), for which you’ll need to pull all of the customer’s data, you’ll be able to do this more easily because you know where everything is.
2. Audit what data you have
Now audit all the different data you have in those different locations. What data are you keeping on customers? Do you need it all?
The GDPR has a principle of “purpose limitation”, under which personal data must only be “collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes”, so you should only be collecting what you actually need. At this point, look and see where you can reduce the data kept.
3. Decide on categories for your data
Break out your data into sensitive, confidential and public.
4. Decide on the appropriate level of protection and access for different levels
If you have sensitive data, how are you going to store it so it is completely protected? Who is going to have access to different levels of data?
5. Write down procedures for employee / supplier contact
Staff training is essential to make sure every employee who has contact with personal data knows what is expected in terms of security and sharing. It is particularly important that they are not taking home data on laptops or USBs when they shouldn’t be.
If you work with suppliers to share data, create procedures that cover the sharing to ensure it’s done in a secure fashion.
Recommended reading: 6 Things To Keep in Mind If Using Dropbox Post GDPR
6. Put in place a data solution to manage data access, tagging, etc.
In order to be compliant, you should look at a data solution that allows you to manage data access easily, that allows easy tagging of data, that shares data securely, that keeps it encrypted at rest as well as in transit, and that has automatic data retention built in so you don’t need to manually manage this.
7. Make sure an audit trail is in place
Finally, make sure you have audit capabilities to show exactly when data was stored, who had access to it, when it was shared, etc., so that you can have confidence if you are audited for GDPR compliance and can take action quickly if you have a data breach.
Benefits of Good Data Management
Done right, this process provides insights into the types of data within your company, where data is stored, its sensitivity, and how it’s accessed and protected. It is increasingly important for enterprises that must maintain strict compliance with regulatory requirements.
Having a process in place will also help secure control over data. It makes an organisation’s data more organised and streamlines the process for employees and other users to quickly and appropriately access the correct information. In the event of a data breach, for example, it will guide reporting efforts by providing detail on what level of information was exposed.
Having good data management will help you focus on data that matters.
Recommended Reading: There May Be Some Surprising Benefits of GDPR
Rinodrive is a packaged solution and comes with infrastructure, software and encryption already built and ready for use. It is easily deployed across your entire user base and is compatible with Windows, Linux, and Mac.
Rinodrive provides visibility into where your most sensitive data is located, as well as who has access to it, how it’s utilized, in what circumstances it is at risk, and provides ways it can be protected. It is data and format agnostic and works with all data and content both structured and unstructured. It can support complete compliance efforts by never missing sensitive data or inadvertently allowing it to escape your control.
Ready to give Rinodrive a go? Signing up for a free trial is just