Data Privacy by Design and Default: Your Guide

Three Simple Steps to Avoid Legal Data Protection Actions

 

Digital communication is the new norm in all walks of everyday and business life. Communicating on a mobile device anytime, anywhere has several positive attributes. While this is exceptionally attractive to companies the world over, monitoring and maintaining business-specific data has become increasingly challenging. Critical information may often be stored on an employee’s mobile device or with third-party processors.

During a litigation process or investigation, organizations are responsible for preserving all potentially relevant data, even data not maintained within the corporate walls, and doing so can cost considerable resources, time, or money.

How can you avoid the loss of data that is created and stored outside of corporate control? Below are a few steps companies can use to achieve this and mitigate the risk of legal actions:

  1. Audit which communication platforms your employees are utilizing

In addition to text and email, employees routinely collaborate on multiple chat and video platforms. It is essential that you determine how your employees interact in everyday business operations so that your organization can decide what is within or outside of its risk appetite. Some ways to achieve this are:

  • Circulating anonymous surveys
  • Scanning the corporate network and portable devices

Periodically audit and review the use of platforms to keep up with the latest communication trends. Doing so keeps your organization regularly informed about new and emerging data developments.

  2. Implement written policies

Every organization should have policies covering both corporate and personal devices that employees use for business. The procedures should first and foremost address what type of communication is allowed. Policies can be drafted either to limit the use of specific applications or to ensure that all business activity is processed within the control of the corporate infrastructure. The policies should also address what type of data needs to be securely archived in line with the corporate retention policy.

Governance, BYOD and Data Discovery

Many organizations are adopting a “Bring Your Own Device” (BYOD) program, which allows employees to use personal devices for work-related purposes. If your organization provides for BYOD, you should have a policy that ensures organizational ownership of all business data and gives you access to the device if it needs to be encrypted or wiped.

Have a clear compliance policy

Finally, it is essential to have a policy relating to the repercussions employees will face for failing to comply with these policies. To maintain and enforce these policies, organizations should invest in proper training and awareness programs to guarantee that all employees understand the policies.

  3. Review current contracts and amend if necessary

What if critical data is shared with an independent contractor or third-party service provider? Your organization is mandated to review existing and new agreements with these entities to ensure information is protected. Ownership of and access to data should be granted on the principle of least privilege. If any of this is not present in your current contracts, your organization should attempt to amend the agreements and make sure all arrangements going forward address these issues.
