The GDPR announcement took the world by storm—there was hardly a businessperson not talking about the legislation just a few months ago. Courses, training and compliance programs; new professions titled “GDPR officer” —that’s how far it went.
That has left business owners to believe that GDPR was a tech-related issue, something for the I.T. department to deal with. “Give it to Joe the computer guy” was the name of the game.
In reality, GDPR spans across the entire organization, and soon, the official notices will start coming in. You don’t want to get one of those notices.
The biggest threat of breaking the GDPR is actually not about tech at all—it’s about your company’s staff doing something they shouldn’t, or not doing something they should.
One of the most common GDPR pitfalls for companies is the employees using shadow software, instead of the one purchased and recommended by the company. Your team members might opt out of the digital tools considered standard at your company and instead use Trello for project management; Slack for communication; Dropbox for file sharing.
These options might be more convenient, yes; but they might not meet the security and privacy standards dictated by GDPR. In fact, the British agency MI5 recently exposed counter-terrorism communications and reports through a public Trello board. The files could be accessed via simple Google search.
Make sure you always use the latest versions of the software, too. Old iterations might not be updated according to the latest GDPR standards.