This week, let's think about the number of places in which our data are stored. It stands to reason that the fewer places this can be, the easier it is to make sure they are secure. It is also good for our business as the fewer intances of any record that need to be kept up to date, the more likely we are to have good quality, up to date information in our database.
Stop and have a quick count up. In many cases, persobnal information may be held in an office database, the enquiries log for our web site, one or more mobile phones, an ipad or tablet, a laptop, an iCloud account and on paper. Then there are the backups of any or all of these. It starts to become clear after a while that the loss of any one of quite a few devices could represent a data leak.
On the surface, a cloud account would seem to be the answer. You can cut the number of data repositories right down to one, which is accessed from any or all of your devices. That way, losing the device itself doesn't present a problem; just change the password on your cloud account and you are secure again.
However, not all things are as simple as just that. GDPR requires businesses to state where, and on what devices personally identifiable data are stored. With many cloud accounts, particularly 'free' ones, thnis information simply isn't available to us. This is going to mean the end of 'free' cloud accounts for many and draw people into paid for cloud accounts, where the required information is available.
So, how about alternatives? There are many.For example, you could create a Virtual Private Network, where your office computer acts as server for a single data source. This gives you control and you have all the information you need to satisfy GDPR requirements, but you have the security burden as well as additional costs for using a fixed IP Address, which is necessary to make connections to your VPN. There are also considerations of physical security, for example to prevent data theft through office burglary, hacking or embezzlement.
You could take the route of holding all personal data on removable hard drives that travel with you everywhere you go. This is OK if you work entirely alone, or want to access your data through different types of device. Again, there is the physical security aspect to be considered, as well as the potential for damage to devices through increased handling.
Choosing any of the above methods also requires a sound backup policy for disaster recovery and prevneiton of data loss. Don't forget though, that backups are not for ever. Backed up copies are also subject to GDPR constraints. For example, you mustn't keep backed up data for longer than the retention period stated in your compliance policies and statements. Also, the backup host has to be just as secure as the main data source. To make sure that data storage doesn't extend beyond the stated retention period, we recommend a 'snapshot' backup regimen, where a single backup copy is overwritten each time, rather than the incremental type, which is added to, therefore increasing your risk of holding overage data.
Not everyone knows this, but your web site offers an alternative that may be more satisfactory than any of the above. Every Village Websmith site, created since 2003, using Webinthebox has incorporated a contact management system, based on the database used for collecting web enquiries. It is held off site on a server that is known to us, is backed up every week as a snapshot, and has a team of engineers on site 24 hours a day. You have a named individual to use in your GDPR policies (me), and the option of Multi Factor Authentication. The data security is under constant review and should the worst case occur, data loss is covered by £20M professional indemnity insurance. In short, using the resource that is there will:
Give us a call, or click in the header of any page to email us for more information.
- Give you sufficient space for your data
- Incur no additional hardware costs
- Be as secure as any data centre
- Be backed up weekly as a snapshot, ensuring no overage data are kept
- Be restored to a new server immediately in case of hardware failure
- Be available to all your devices
- Allow the sending of personal, individual broadcast emails
- Be covered by professional indemnity insurance against data loss
- Offer the option of Multi Factor Authentication
- Represent the best possible value
See more news items in our blog.