Business owner: “We use file sharing and online collaboration tools with access given to people across the company, and sometimes externally. Are we still able to use these tools?”
The answer is: Absolutely. Online collaboration tools are pretty crucial to the way that most people work today, and I think there would be considerable upset if the law took them away!
That being said, you do need to pay attention to how these tools are being used, who is using them and what they are using them for.
Any reputable collaboration tool should have its own GDPR policy, and you should familiarise yourself with it so you know where responsibility lies and whether that provider offers the levels of protection that you need.
If you are dealing with highly sensitive information, for example, you may want a more specialised service to really batten down the hatches. Once you’ve understood how your provider is handling GDPR, you’ll need to then look at your own policies.
Depending on the tools that you are using, how you deal with them is going to vary. If you are, for example, using a cloud storage platform that allows people to share, edit, download and upload documents, policies will need to be different to when you’re using more of a communications platform, like Slack.
However, in the end it’s basically the same as any other data you hold and it should be factored into your data audit. What data is being stored or shared across these platforms? Who has access? Can access be controlled and limited?
It’s also worth thinking about what employees are really doing. There are authorised collaboration platforms, then there are those that aren’t authorised, like (believe it or not) WhatsApp.
We recently conducted a survey of 1000 employees outside of the tech and legal departments and discovered that 20 percent of people are using personal apps or web services to share company documents.
This is a bit of a nightmare for compliance and means that training is also critical. It is not enough to have GDPR best practice in place; employees across the organisation need to be aware of it to comply.
Talk to your employees about how they are using collaboration platforms and explain the ways that they can do so safely. Working with teams and making any policy as people-centric as possible is always going to be the best route, and that’s no different when it comes to GDPR compliance. There’s certainly no need to stop using these tools entirely.
GDPR doctor Neil Larkins co-founded Egress Software Technologies in 2007 and currently serves as chief operations officer, playing an instrumental role in shaping the strategic direction of the business, with particular emphasis on product and service development.