Safe harbour brings business security policies into sharp focus
Following the recent safe harbour ruling, business process technology expert Aquarium Software has published three key tips to help companies of all sizes review their use, storage and protection of key data. The recent ruling – which invalidates an agreement between the US and the European Commission that lets businesses transfer data on European citizens across the Atlantic – could see a shift in how businesses handle one of their most valuable intangible assets.
Ed Shropshire, Managing Director at Aquarium Software, says that companies, especially in the business-to-business (B2B) environment, will have to be aware of their data protocols and responsibilities to ensure they stand up to regulatory scrutiny.
“In the first instance, companies will have to review their standard data security, storage and usage policies,” explained Ed. “It’s vital that auditable procedures are in place to ensure companies meet industry standards, whilst at the same time maintaining optimum business performance.
“As with any business plan, the first thing companies need to do is ensure they have a strategy in place for now and the future, making sure the plan is robust enough to stand up to an ever-changing commercial and regulatory environment. The biggest challenge is making the model flexible enough so that new opportunities can be implemented and changes can be adapted with ease and without interrupting ‘Business As Usual’.”
Ed explains that considering your operating territories is something else that businesses can do to remain up to date and ahead of the data security game.
By considering markets and clients in advance, businesses can predict their needs and, as a result of having robust policies and procedures, use this as a proactive springboard for sales and marketing activity.
“Before investing or even considering new markets, companies should perform detailed analysis on the data security opportunities and risks.” Businesses also need to ensure they are technically up to date, compliant, and aware of upcoming legislative changes, by doing their due diligence.
“Another vital point companies should take on board but often overlook is to never assume that their existing technical partner can operate in new territories,” said Ed. “International standards such as ISO can often be a good indicator that you have the right technical partner, but that is only the tip of the iceberg. Always check where and how data is stored, and review your supplier’s policy documents and Information Security Management Systems (ISMS). If they don’t have robust procedures, then walk away. And don’t be taken in by the fact that some suppliers trade off the back of their data centres’ standards. Professional technology suppliers should be ISO certified in their own right,” concluded Ed.