Compliance in a remote-working world
Remote working has grown significantly as cloud-based, mobile technologies have matured. Its association with work-life balance, championed by millennials who now make up more than half the global workforce, has seen organisations race to embrace it, not just to save costs on office space but also to attract the best talent. Millennials even prioritise it over job security, a YouGov study found.
Before the coronavirus pandemic forced organisations to enforce remote working, many for the first time, the number of people who work from home had already increased by 140 per cent since 2005, according to research by Global Workplace Analytics, enabled by the ubiquity of fast internet connectivity and cloud security services.
But creating a work-from-home policy means more than allowing systems to be accessed remotely. There are also numerous regulatory requirements that companies should adhere to.
In line with the European Union General Data Protection Regulation (GDPR), privacy is a particular consideration. Organisations must ensure the personal data they collect and process, not just on their own behalf but that of their customers too, is kept safe and secure.
Yet while most do have processes for ensuring such requirements are met when employees work remotely, governance and compliance have generally taken a backseat to getting and keeping people working wherever possible and appropriate during the pandemic.
“This is particularly the case for small and medium-sized businesses,” says Darren Wray, co-founder of Guardum, whose data compliance discovers, classifies and protects personal and commercially sensitive information across the enterprise. “There has been a spike in GDPR non-compliance during the COVID-19 crisis as companies have been forced to enforce remote working with no notice and without the necessary regulatory knowledge.
“Changing to a management style that enables remote working is hard enough, but you also need to build policies and processes that maintain governance standards while staff work from home. Many companies are realising they need to do this to improve their resiliency in this new world, but it’s challenging enough without also having to ensure your staff have the training and awareness of security and privacy issues.”
The pandemic has triggered an increase in phishing attacks as hackers have looked to exploit employee vulnerabilities while working remotely, as well as the makeshift changes companies have made to their technology and business processes. This has made organisations even more at risk to cyberthreats at a time when they are arguably least prepared, leaving them exposed to huge damage to their business and customers.
Any company failing to maintain the privacy and protection of the personal information they process risks losing contracts, reputational damage and in extreme cases hefty fines from the Information Commissioner’s Office. Violating GDPR can leave companies with bills up to €20 million, or 4 per cent of the annual global turnover of the preceding financial year, whichever is greater.
Guardum’s technology can remove sensitive information, while leaving documents and their content intact, reducing the amount of personal data that needs to be transferred home
“Much of this could have been avoided by companies investing in better training and awareness prior to the pandemic or including this as part of their crisis response,” says Wray. “Instead many businesses have been found wanting in this regard and in reactive mode. It’s crucial they now work to ensure they know exactly where sensitive information sits in their organisation and set out to isolate and protect it.”
Through its ability to locate and protect every piece of sensitive data within organisations, whether they’re aware of its existence or not, Guardum helps companies to comply with data privacy regulations while promoting remote working. Guardum’s technology can remove sensitive information, while leaving documents and their content intact, reducing the amount of personal data that needs to be transferred home.
The company works with organisations to fulfil their GDPR obligations through the use of its semi-automated DSAR (data subject access request) software, which helps them comply with user requests to access or delete personally identifying information they store on individuals, as mandated by GDPR and other regulations. Guardum has the only solution that can fully meet the DSAR challenge of responding in the tight 30-day deadline, giving organisations back control, time and money lost using other solutions.
Guardum supports privacy by design, whereby data privacy is engineered into business processes during rather than after design, eliminating the need to retrofit compliance tools. Its machine-learning approach, combined with advanced search processes, means it saves its clients time and effort while increasing the accuracy and efficiency of performing a DSAR or protecting their personal information. Its digital mailroom solution, meanwhile, enables employees to receive their mail wherever they are in the world without having to come into a central location just to collect the post.
“Our software also has the ability to process information 24 hours a day and still be as accurate in discovering and redacting personal information as it was in the first minute. The same cannot be said when processing manually,” says Wray. “We scan for personal information as soon as it hits the system and automatically offer protection through anonymisation or redaction, ensuring speed, accuracy and compliance.”
As countries emerge from lockdown, people will return to offices and there will continue to be a need for human contact. But having seen how efficient and effective their workforce could be at home and with the opportunity to recoup some of the costs spent implementing and upgrading their capabilities, organisations are likely to be emboldened to embrace remote working to a greater degree than they did previously. The ability to locate and classify sensitive data will be crucial in doing so safely.
“Despite the reservations many naysayers have previously put forward, to a large degree remote working has proven to be a success and businesses have continued to run,” Wray concludes. “When it comes to improving business continuity and the part remote working plays in this, organisations will be required to be more resilient and less geographically dependent than they have been. At Guardum, we can help them on that journey, ensuring they are compliant and protecting sensitive data.”
For more information please visit guardum.com