How the EU GDPR Affects Your Internal Communications

As the countdown to the EU GDPR enforcement continues, organizations are frantically working to ensure compliance to avoid being shut out from doing business with the European Union. The General Data Protection Regulation aims to protect both companies and the consumers they serve, so non-compliance means there’s more at risk than huge fines.

Personal data protections affect outside business, but they also impact internal communication systems within organizations. Keeping an eye on both internal and external data privacy might mean changing your organization’s communication strategy and its software.

Information Lockdown

The GDPR overview covers users’ rights to access, rights to erasure of data, data portability, privacy by design, and even involves appointment and oversight of Data Protection Officers to track compliance. Transparency in data subjects’ rights, along with enhanced protections against security breaches, will affect how your organization handles information in the future.

Locking down sensitive information is a critical component of the GDPR outline. Here is what you need to know about personal information as it relates to internal communications.

The Definition of Personal Data

If your company regularly uses email or another platform for internal communications, you should expect significant changes in the way you use those media. According to GDPR guidelines, personal data is any information about a person, or data subject, that can identify them. This loose definition includes:

  • Names
  • Photos
  • Email addresses
  • Bank details
  • Social media posts
  • Medical information
  • IP addresses

If your employees routinely hold private discussions via email, forward medical updates to Human Resources personnel via attachments, or work remotely, the GDPR will affect your responsibility for that information. Still, these are only a few examples of information privacy concerns within organizations.

Communication Solutions for GDPR Compliance

Choosing communication solutions that are GDPR compliant protects users’ data by default. Both internal employees sharing personal information and workers processing client information will follow the same guidelines for information privacy.

Whether your business is part of the EU or not, clients and employees alike will recognize GDPR compliance as a sign that your organization takes privacy seriously. At the same time, acknowledging that employee communication, both on a personal and professional level, contributes to workplace morale is another component of GDPR adaptation.

Improved communication policies and platforms help employees connect and ease the often-complicated transfer of information. However, getting employees on board may prove the most challenging part of adapting to GDPR standards. Still, user-friendly services and integrations can help ease the transition, so choosing the right communication solution takes precedence.

Blocking Hacker Activity

Companies that fail to protect their employees’ and customers’ personal information face substantial costs in the form of fines and lost business if the breach goes public. Conforming to GDPR standards not only adds further protection from hackers, but also guarantees that your company maintains client trust.

The new regulations mean that information traveling online might require a specific type of encryption protection (like end-to-end), but many businesses need more than email to support internal communications. Confidential peer-to-peer communication is one component of organizational communication systems, but that security can extend to all areas of the business to conform to the EU GDPR.

Communication Guides Productivity

At a time when business truly is global, ensuring that your company’s communication methods support rather than reduce its productivity is a priority. In fact, improved communication and collaboration through social technologies can raise productivity by 20 to 25%, according to the McKinsey Global Institute.

At the same time, adapting to alternative communications that adhere to GDPR guidelines now means that when May 2018 rolls around, you’re ahead of the deadline in guaranteeing compliance. As a bonus, moving away from conventional communication methods frees up the time you previously spent clearing up misunderstandings due to lagging internal communications.

Employee Contributions to Communication

Although cybersecurity is a considerable concern for business owners, employees are often left out of the loop. Making sure that employees care about cybersecurity is the first step in adhering to the new privacy rules. Encouraging employee participation and feedback is a huge part of maintaining cybersecurity throughout your organization.

Your internal communications approach should consider employees’ needs and responsibilities. As you roll out new processes and guidelines to conform with GDPR guidelines, involve employees in the process. Create a communication policy that clearly defines expected employee behavior and notes any upcoming changes in communication platforms.

Making sure to highlight when and through which channels personal information should travel is the first step, but helping staff understand the intent behind these policies is essential, too. Soliciting employee feedback confirms understanding and clarifies any details. This goes a long way in improving and securing communication.

Participation to Productivity

While taking the time to help employees through a transition in both procedure and software may initially detract from productivity, note that companies with high effectiveness in change management and communication are 3.5 times more likely to outperform their industry competitors. This comes from a study by Towers Watson which highlighted employee contributions as they impact an organization’s bottom line. The study’s findings illustrate an intricate relationship between internal communication, management guidance, and job performance.

Is your organization GDPR compliant? Download Beekeeper’s 31-Point Assessment to Ensure GDPR Compliance created by our Data Protection Officer to find out.



Ditch WhatsApp at Work, Avoid a €20 Million GDPR Fine

On May 25th, 2018, the EU will begin officially enforcing its new General Data Protection Regulation (GDPR) standards. This initiative aims to heighten personal data security across all businesses operating within or connected to Europe.

Risks of Non-Compliance

Despite the initiative’s roots, the GDPR’s impact will stretch far beyond the confines of the EU. Any hotel that hosts international guests, for instance, is subject to the new GDPR rules. In other words, to avoid heavy fines of up to €20 million, it is crucial for all international business owners to ensure GDPR compliance well before next year’s deadline.

As we sprint to the GDPR compliance deadline, many companies are doing their part to keep their workforce informed. Amanda Finch, Director of Risk and Compliance at Journyx, spoke to us about how GDPR will impact companies well outside of EU borders.

Finch states, “Any data you gathered from a person in the EU, regardless of where they actually reside, puts your company in the GDPR enforcement crosshairs. Can they really enforce these fines on non-EU companies? The answer is yes – they certainly can. In one example, the U.S. and the EU have agreed to a framework that permits enforcement against companies in the U.S. – a necessary step to maintain the vast amount of U.S.-EU trade.”

She goes on to ask, “Do you provide services to companies in the EU? Don’t rely on your knee-jerk instinct to assume that these penalties won’t flow down to you should those companies run afoul of GDPR. If your EU customer gathers personal data and sends it to you, you are as liable as they for their misdeeds, and subject to the same fines.”

Internal communication tools sit at the crux of many of the new standard practices enforced by the General Data Protection Regulation, so naturally, we want to provide you with as much information as possible to prepare.

As digital workplace architects, our team at Beekeeper is constantly optimizing our internal communication tools so your company and employee data remain secure. Today we’d like to talk about what GDPR means for ubiquitous international messaging tools like WhatsApp.

Why WhatsApp for Business is a No-Go as of May 2018

WhatsApp was never specifically designed for enterprise use, and the security risks of using a tool like this for official company business are well documented. In addition to the fact that WhatsApp’s data privacy record leaves much to be desired, the app is also not optimized for group chat or collaboration. For non-desk workforces and busy teams who must collaborate on the go, this user experience is less than ideal.

Despite its shortcomings for corporate use, many international companies use WhatsApp as a cost-effective one-on-one messaging and conferencing tool. Under the new General Data Protection Regulation laws, however, the use of WhatsApp will count as a strike against businesses as it fails to meet the security standards that companies must uphold to avoid massive fines. WhatsApp violates the GDPR on several counts, including the Right to Access, the Right to be Forgotten, Privacy by Design, Data Portability, and Transfer of Data.

Achieving GDPR Internal Messaging Compliance in 3 Steps

Company content hubs should feel like a warm and lively gathering, not a ghost town. Carrying strong visual brand assets throughout your internal communications hub is a great way to encourage employee engagement and collaboration. Whereas a traditional intranet can feel as sterile and stark as a windowless chamber, the Beekeeper digital workplace suite can be customized entirely without robust assistance from IT or technical leaders in your organization.

In addition, the Beekeeper interface allows individual employees to customize things like push notifications and workflows, giving a more personalized feel to the workplace experience. In addition to increasing productivity, these interactive features and notifications also encourage higher levels of participation within the company culture, leading to higher levels of overall workforce satisfaction.

  1. Adopt and Adapt
    As May 2018 is just around the corner, now is the time to adopt an internal communication tool built specifically for enterprise—a tool that meets GDPR compliance and that will mesh well with your employee workflow. Adopting an ISO 27001-certified IT strategy is recommended. Before onboarding employees, be sure the new system is thoroughly tested and passes our GDPR liability test.
  2. Implement and Train
    As old habits tend to die hard when it comes to messaging and communication, it’s important to host formal trainings to ensure that employees understand how to use the new internal communication tool, as well as teach them why the shift is taking place to begin with.

    When deciding which internal messaging tool is right for your company, be sure to keep in mind that it should be mobile-friendly with an accessible and customizable interface. Really Simple Systems CEO Jon Paterson has employed a diligent internal communications strategy to keep his entire organization aware of not just adjustments to tool usage, but of GDPR’s high stakes implications for business.

    “Everyone who handles personal data – sales and marketing teams, accounts, HR, customer services – needs to be educated about GDPR,” Paterson shares. “We’ve sent a briefing note to all such staff explaining what GDPR is, how it affects the company and how it will affect them.”

  3. Maintain and Enforce
    Considering the massive financial risk of violating the General Data Protection Regulation rules, maintaining and enforcing GDPR compliance within your digital workspaces is of critical importance. As you retrain older employees on the new internal messaging tools and onboard new staffers, be sure to emphasize that using non-sanctioned messaging tools intended for consumers like WhatsApp, Viber, or iMessage is strictly prohibited, and that usage of any non-sanctioned messaging platforms could result in termination.

To ensure your internal communication tools don’t violate the GDPR and leave you vulnerable to fines, get a free trial of Beekeeper’s employee communication app that is already compliant.



New EU GDPR Significantly Impacts Any Hotel With International Guests

You’ve probably been hearing a lot of buzz about the EU GDPR. In case you want a refresher, the EU General Data Protection Regulation was designed to harmonize data privacy laws across Europe to protect citizens’ personal data and stand on a united front regarding every organization’s approach to security. It was approved on April 14, 2016, and companies are scrambling to comply since the regulation will be enforced May 25, 2018. Any companies that aren’t compliant will face heavy fines up to 4% of annual global turnover or €20 million, whichever is greater.

If you work for a company outside the EU, you may think this doesn’t affect your data security standards—but think again. The GDPR doesn’t only affect companies in the EU. Any vendors and suppliers that work with countries in the EU must comply with the GDPR as well. This significantly impacts hotels as the majority have international customers, many of whom reside in the EU.

Beekeeper was recently featured on Asian Hospitality discussing the implications of the EU GDPR on hotels. Check out the full article to learn more about how this regulation affects your hospitality business.

Now is the time to assess your GDPR compliance and see what extra steps your organization needs to take to meet the deadline.


BYOD – How to Manage Employee Demands and Cybersecurity

Allowing your employees to BYOD – “bring your own device” – is a cybersecurity concern, but you don’t have to let it keep your company from a secure cyberenvironment. Once you understand the benefits of implementing BYOD, you’ll be less hesitant to let your employees use their hardware to run company software.

In this article, we’ll discuss how to smooth over the tension between your employees’ BYOD desires like unrestricted access and your company’s cybersecurity needs, which are typically at odds with free-roaming device usage.

The two biggest factors we’ll discuss are employee education and smart policymaking, both of which rely on your tier of the company to do what you do best: take the lead.

Teach Your Employees About Cybersecurity

If we’re talking BYOD, we’re typically talking about smartphones. Your employees take their smartphones with them everywhere they go, and they’re amenable to mixing business with pleasure so long as the business portion doesn’t interfere with the operations of the device’s other uses. Therein lies the problem.

Smartphones, while the primary target of most BYOD initiatives, are also the biggest vectors for data leakage or loss, representing almost 70% of cases according to a cybersecurity trends report. If you want to prevent your organization from leaking data through every personal device’s sieve, you’ll need to control certain aspects of your employees’ devices.

Imposing control on employee devices is bound to make your employees unhappy, so you’ll have to use a lighter touch than a software-based lockdown. We’ll explain how to develop and implement a formal BYOD policy a bit later in the article, but first, we want you to realize the importance of changing your employees’ perspectives if you’re going to have a successful BYOD policy while maintaining security.

Your employees are more likely to implement reasonable BYOD practices if they understand the consequences of cybersecurity on the rest of the organization. BYOD can carry a risk to your employees, which you should be forthcoming about during your educational discussions.

The trick to BYOD is educating your employees that BYOD is a way for their device to peek into the larger corporate system upon which the entire organization relies. The scope of the peek, be it a keyhole or a cinema screen, is directly linked to their ability to get things done efficiently while maintaining the security of the company’s data and the integrity of their device.

Depending on your industry, your educational regimen may be more technical, or more oriented toward non-specialists. Try not to throw the tech talk at the people who aren’t going to be interested in hearing about the technical detail. Instead, offer a few examples of good BYOD practices, a few examples of bad BYOD practices, and then showcase your company’s BYOD policy.

When showing examples, it’s important to link user behaviors to larger consequences. People respond best to realistic examples, so avoid scare tactics. Not every data breach caused by a BYOD-centric mishap is going to bring down the entire company, but be sure that everyone knows it’s a remote possibility.

By creating a workforce of employees who are informally savvy about cybersecurity, you’ll be adding value to your employees’ skill set and providing them with tools to be vigilant while using their devices.

Create A Smart BYOD Policy

Now that we know the solution to BYOD issues is an explicit BYOD policy and an informal, yet detailed educational program for your employees, what are the concrete steps your company can take to put the wheels in motion?

First, resolve to follow through on making an explicit BYOD policy and talking through it with the employees who need it most. Don’t be like the majority of companies, which leave BYOD policies to the realm of the informal or the socially enforced yet uncodified. You should pair good BYOD practices by your employees with rewards, and poor practices with mild consequences.

The better you craft your company’s BYOD policy, the more likely your employees are to follow it, and the more likely your company is to retain a strong cybersecurity perimeter. Remember, a policy is only effective if people are motivated to follow it and capable of doing so.

Draconian BYOD policies, while perhaps appealing to larger organizations, will result in more unhappy employees and higher turnover, hurting your bottom line. There’s no reason to let something that’s supposed to be a money-saver like BYOD become a point of loss.

Software as a Cybersecurity Solution

There are some ways that you can incorporate useful software into your BYOD policy for the betterment of your company. Software that can act as a soft barrier between your user’s device and your company’s important data, without getting in the way of the user’s job, is exactly what you should be looking for.

It may seem foolish to introduce an additional step in the already-complicated cybersecurity process, but using an app that’s designed to smooth the BYOD cybersecurity dilemma as part of your BYOD policy is a large step forward relative to trying to go at it alone.

By introducing a layer of protection, your employees can rest assured their device will stay safe and also stay useful in the course of their work. Even more importantly, you won’t have to worry about data breaches or malware infections slipping into your corporate network as a result of a permissive BYOD policy.

The trick is that an intermediary between your employees and your data lets your employees retain full control of their devices, while allowing your company to maintain full control of its internal perimeter. Your IT team will thank you, as will your BYOD users.

Download our “How to Minimize BYOA Risks When Rolling Out Your BYOD Policy” white paper for more information or request a demo with one of our app experts.