GDPR compliant secure enterprise messaging

With GDPR in full effect now, a GDPR-compliant Enterprise Messaging is no longer a recommendation for the enterprises doing business in Europe – it’s a necessity.

With these key changes coming in place, it is evident that enterprises doing business in EU would need to take appropriate measures to protect the data of their customers and stakeholders. With the proliferation of smart phone and more and more enterprises allowing BYOD (Bring Your Own Device), enterprises must be more vigilant about their communication – both internal as well as external. Several studies have shown that a large number of employees use consumer-grade messaging apps to communicate official information, which can be a huge risk for the enterprises.

This has led to the likes of large enterprises like tyre giant Continental banning consumer apps like WhatsApp and Snapchat on company devices.

In addition to leakage of confidential company information, data breaches and privacy breaches, the hefty penalties under the GDPR regulations are making enterprises look further into their mobile messaging communication. It becomes inevitable for the enterprises to look for an alternative – A GDPR Compliant Secure Enterprise Messaging App.

How Secure Enterprise Messaging Solutions relate to GDPR

1 )Right of Access: GDPR allows consumers the right to obtain data a company has from them. An enterprise messaging solution should provide an intuitive, searchable archive should the data need to be provided. This is a typical feature lacking with consumer apps.

2) Right of Erasure: Consumers have the right to have data removed and deleted. If customer data is being shared via WhatsApp or other consumer apps, how will the data be deleted if requested?

3) Rights of Data Subject: Consumer data should not transfer outside the EU. An enterprise messaging solution should allow the company to store all data on-premise or within the EU exclusively.

4) Data protection by design and default: Pseudonymisation is an important part of GDPR. Only with industry leading, high level of encryption is customer data ensured to be secure and pseudonymised.

5) Conditions for Consent: Consumers must give consent to the enterprise to use their data. Consumer apps typically search an employee’s phone book, transferring client data without consent and also potentially outside of the EU.

6) Choosing a GDPR Compliant Secure Messaging Solution

There are many factors to consider when choosing an enterprise messaging solution such as:

  • On-Premise or Cloud Based
  • Closed User Group for internal only or also allowing external partners & clients
  • Compliance on top of GDPR such as ISO27001, HIPAA, FINRA, etc
  • Archive availability of the solution
  • Flexible retention period for data storage

Regardless of your requirements, it is key that at a minimum you have the key GDPR components covered to avoid an unforeseen compliance risk. With NetSfere we have developed a secure messaging solution that enables enterprises to have flexibility and usability in their messaging while being able to effortlessly comply with administrative, physical and technical safeguards of the Security Rule and other Data Protection requirements mandated by GDPR.

GDPR Summit London is taking place 25th June at 155 Bishopsgate. The conference is an all-day event with industry leading experts, covering a range of topics in three keynote theatres. For more information about the event, please visit the website.

Infinite Convergence Solutions will be exhibiting on stand 25, come and visit the team to ask questions and find out more about their GDPR Secure Messaging Solutions.

 

By Scott Crowley, Sales Director, Infinite Convergence Solutions


The inaugural Data Protection World Forum (DPWF) will be held on November 20th & 21st 2018 at the ExCeL London which will provide a broader focus across the data protection and privacy space amidst the progressive tightening of global data protection laws.

Ahead of the end of year event, DPWF has launched a series of intensive workshops.

Further information on the DPWF and workshop details are available at: https://www.dataprotectionworldforum.com/