Ensuring that email data is compliant with GDPR regulations


The countdown is on. With less than four months until the General Data Protection Regulation goes into effect, time is ticking for businesses to get their email security and archive solutions ready.

By May 2018, any organization handling E.U. resident information will be responsible for maintaining compliance with GDPR – and email is often an overlooked component. More than 90 percent of cyberattacks start with email. Whether it’s from customers, partners or colleagues, organizations collect hundreds, if not thousands, of emails that contain personal information every day.

Considering the current cybersecurity landscape, none of that data is safe – even your deleted files. And all of it is vulnerable to attack, which ups the risk for getting hit with noncompliance penalties.

So, how can your business ward off hefty fines and ensure compliance? For starters, make archiving an essential part of your compliance plans.


When GDPR goes into effect, organizations will need quick and easy access to their email – both current and historical files. This includes trashed and archived emails, which aren’t always simple to find.

However, the archiving solutions of yesterday are outdated; they’re difficult to use and extremely time-consuming. For most businesses, email first-pass review isn’t going to cut it.

Recent Vanson Bourne global research found that 56 percent of respondents are plagued by slow search performance, with 50 percent claiming archive searches can take up to five minutes. Of those, 20 percent say it can take as long as 10 minutes. While first-pass review is an important part of the eDiscovery process, there are strict deadlines and higher-priority tasks to attend to, meaning the amount of time an admin can spend reviewing and searching is tight.

Fortunately, architecting a security, privacy, and governance solution for email can be fast and simple. Use the following checklist to ensure your archiving solutions are in top-notch shape before GDPR is here.

Consider the chains of custody

Audit trails, referred to as “chains of custody” by some, are an essential piece of the puzzle when it comes to rounding out your archiving solution. It’s important to know who owns, moves and accesses archived data so that specific files can be recalled quickly. Be sure to keep track of the five Ws (who, what, where, when and why), so you can easily identify the location and contents of potentially private or personally identifiable information in a jiffy.

Determine who holds the keys to the castle

In a time crunch and can’t access the files you need? Archiving solutions should make it simple for users to approve (and disapprove) who has the ability to directly access and recall specific files. In today’s mobile world, being able to securely recall those files via email, the web or mobile without breaking a sweat can decrease search times, improving overall search capabilities.

Leap to the cloud

Has your team moved to a cloud-based solution yet? If the answer’s no, you’re not alone, but you may soon be. Cloud adoption is up – and archiving is becoming a popular use case. Today, utilizing the cloud for archiving saves both budget and your employees’ time. And in the future, unified access to a cloud-based archive will pay off in business intelligence and analytics. So, say goodbye to the days of updating outdated hardware and increasing storage capacities, while still keeping that data protected.

Make teamwork a priority

Think the IT team is responsible for archiving? Think again. Everyone in the organization, from the C-level down, should be involved in the process. Teams must work together to define each of the different files that are being archived, and determine their sensitivity and retention period to develop the best protection plan. Without this collaboration, there’s a good chance files will go “missing.” And getting them back will require extensive resources – time and money – to recover.

As the GDPR deadline looms closer, use this checklist as a basis to ensure your organization is prepared. After all, you don’t want to be hit with any compliance fines. And your bosses, finance team, colleagues, business partners and customers will thank you.
