Reliability is one of the most important things for the customers of any business or service. As a service provider, we at City Dynamics are making sure we lead the way when it comes to keeping our customer data secure. Whether you utilise CRM, ERM or GP to store and manage your data, GDPR’s new rulings will require you to ensure the customer data you’re responsible for is protected in line with all the appropriate regulations. We’re here to tell you how we ensured that all our systems remained GDPR compliant.
Discover, Manage, Protect, Report
First, we knew we had to evaluate the areas where personal data exists, how it can be accessed, how it is protected and how we can report on it. We function on the principle of ‘least privilege’, whereby only those whose jobs directly involve that information are provided access. It sounds simple enough, but over time, when clients have our primary focus, internal procedure can sometimes be overlooked. We’re actively reviewing and addressing all our data access so that it remains GDPR compliant.
Encryption is a vital aspect of data security in today’s world of seemingly constant data leaks and hacks. Like many modern companies within the tech industry, we conduct most of our work from within servers run and operated by our clients, meaning their data never leaves their control and remains within their established safeguards. However, as our work is conducted largely on laptops carried from site to site, we know there’s a risk of loss or theft. To cover this, we utilise the BitLocker encryption suite provided through Windows 10 to ensure the vital data remains secured and out of the wrong hands.
We’re also constantly evaluating and producing audits for all our systems, in order to consistently handle the route of any data through the tools we use. Under GDPR, individuals have the right to request a copy of their data and should expect this to be delivered in less than 1 month. It’s going to be extremely important to easily access, correct or remove data on request. We’re already working on some custom tools in Dynamics 365 to streamline the process along with some great features coming up from Microsoft.
We love our clients and we want to look out for their best interests. VPNs and services like Citrix are great: they give us the ability to support and collaborate remotely when visiting them isn’t workable. Sometimes best practice isn’t followed when giving us access, so we’re going to be actively speaking to clients about how we access their systems, with the goal of complying with their internal GDPR obligations.
This is just the start of our GDPR journey. We’ll be posting more in the coming days and commenting on some of the challenges many professional services companies will be facing over the next 8 months.