GDPR and Shadow IT: Two headaches

data protection law and shadow IT as problems

share post

On a day-to-day basis, companies live with a series of risks derived from the activity of their employees. Among them, one of the most important is the human one, that is, any type of management error or derived from a misuse of the tools that are available to them.

In the following lines, we are going to expose one of the risks faced by European companies or with activity in Europe and that it is in their hands to avoid it. We are talking about the GDPR regulation.

To address the issue we can start by asking ourselves a question, what is a security breach and what does personal data have to do with all this? According to the AEPD, a security breach is an incident that affects the personal data of different individuals. This incident, of a generally accidental nature, is an event that causes the loss, alteration or unauthorized access by a third party to these personal and sensitive data. In other words, all European companies are constantly exposed to a breach of regulations due to malpractice, carelessness or the use of incorrect tools by employees in their day-to-day activities. Other possibilities are the loss of physical devices, such as pen drives or other information storage systems.

But if there is a phenomenon that affects the company in an important way, it is related to technology. The phenomenon of shadow IT or parallel IT is a phenomenon faced by organizations of all sizes. Shadow IT refers to all the technology that, consciously or unconsciously to corporate control departments, coexists on a day-to-day basis to meet the needs of employees. Examples of shadow IT would be from private cloud storage applications such as free personal Dropbox or Box accounts, personal clouds such as OneDrive or Google Drive and the icing on the cake, which are usually tools for exchanging large files as it would be WeTransfer.

These aforementioned tools are a danger to both the company's proprietary information and the company itself. In general terms, the risks are as follows:

  • Storage of information in a delocalized way, outside the scope of IT and in locations not controlled by the company. Or put another way, ignorance of what information resides in corporate systems, what information is on external servers and in what locations its cloud is located. This is a great risk if we also add that it is not only an action carried out by an employee, there are companies in which there are tens of thousands who work with these types of free software.
  • Ignorance on the part of IT of what those shadowy software companies can do with the stored information. In other words, many of the free tools that satisfy this type of need under their conditions is the right of access for commercial purposes and data extraction for third parties.
  • Ignorance of what security conditions are stored. And this is the main risk, not knowing where the information is stored and under what security conditions. In other words, it is one of the reasons why companies suffer security exfiltrations, due to loss of data control.

How to end these headaches?

Today, in a world marked by the pandemic and the new teleworking scenario, there are many security managers who must guarantee the security of information in their organizations. Remote work and COVID-19 have completely changed the agenda of the CISO and its plans for 2020. Now, organizations have the need to adopt new channels and establish new formulas to guarantee information security in the workplace. modern and decentralized workplace.

To alleviate this need, many organizations are making Tranxfer available to their workers as a secure tool that integrates advanced security policies and complements "traditional" methods such as email. With Tranxfer, organizations stop worrying about the security of home network connections or the "invisible" use of shadow IT by employees from home.

With Tranxfer, non-compliance with the GDPR is avoided thanks to its advanced security policies focused on the minimum exposure of information, encryption and layers such as antivirus and DLP, as well as traceability and control of transfers.

How can a breach of the regulations harm?

To begin with, non-compliance with European data protection regulations brings with it economic consequences caused by sanctions that carry, depending on the size of the organization, from 10 to 20 million euros or between 2 and 4% of the turnover volume. company annual.

Without forgetting the most delicate, those related to reputation. Its impact, incalculable value, can harm a brand, discrediting it and causing it to lose its market value, so we would talk about much more serious consequences that can lead to business interruptions and even loss of customers.

How to avoid these risks? We make Tranxfer available to all organizations, regardless of their size, to guarantee the secure flow of information exchange and guarantee teleworking in optimal conditions without worrying those responsible for security and technology about the use of non-corporate tools and shadow IT. .

Do you want more information?

get on contact us and try Tranxfer for free for 15 days!

Try now Tranxfer

Looking for help? Get in touch with us

More articles