On May 25th, 2018, the EU will begin officially enforcing its new General Data Protection Regulation (GDPR) standards. This initiative aims to heighten personal data security across all businesses operating within or connected to Europe.
Risks of Non-Compliance
Despite the initiative’s roots, the GDPR’s impact will stretch far beyond the confines of the EU. Any hotel that hosts international guests, for instance, is subject to the new GDPR rules. In other words, to avoid heavy fines of up to €20 million, it is crucial for all international business owners to ensure GDPR compliance well before next year’s deadline.
As we sprint to the GDPR compliance deadline, many companies are doing their part to keep their workforce informed. Amanda Finch, Director of Risk and Compliance at Journyx, spoke to us about how GDPR will impact companies well outside of EU borders.
Finch states, “Any data you gathered from a person in the EU, regardless of where they actually reside, puts your company in the GDPR enforcement crosshairs. Can they really enforce these fines on non-EU companies? The answer is yes – they certainly can. In one example, the U.S. and the EU have agreed to a framework that permits enforcement against companies in the U.S. – a necessary step to maintain the vast amount of U.S.-EU trade.”
She goes on to ask, “Do you provide services to companies in the EU? Don’t rely on your knee-jerk instinct to assume that these penalties won’t flow down to you should those companies run afoul of GDPR. If your EU customer gathers personal data and sends it to you, you are as liable as they for their misdeeds, and subject to the same fines.”
Internal communication tools sit at the crux of many of the new standard practices enforced by the General Data Protection Regulation, so naturally, we want to provide you with as much information as possible to prepare.
As digital workplace architects, our team at Beekeeper is constantly optimizing our internal communication tools so your company and employee data remain secure. Today we’d like to talk about what GDPR means for ubiquitous international messaging tools like WhatsApp.
Why WhatsApp for Business is a No-Go as of May 2018
WhatsApp was never specifically designed for enterprise use, and the security risks of using a tool like this for official company business are well documented. In addition to the fact that WhatsApp’s data privacy record leaves much to be desired, the app is also not optimized for group chat or collaboration. For non-desk workforces and busy teams who must collaborate on the go, this user experience is less than ideal.
Despite its shortcomings for corporate use, many international companies use WhatsApp as a cost-effective one-on-one messaging and conferencing tool. Under the new General Data Protection Regulation laws, however, the use of WhatsApp will count as a strike against businesses, as it fails to meet the security standards that companies must uphold to avoid massive fines. WhatsApp violates the GDPR on several counts, including the Right to Access, the Right to be Forgotten, Privacy by Design, Data Portability, and Transfer of Data.
Achieving GDPR Internal Messaging Compliance in 3 Steps
Company content hubs should feel like a warm and lively gathering, not a ghost town. Carrying strong visual brand assets throughout your internal communications hub is a great way to encourage employee engagement and collaboration. Whereas a traditional intranet can feel as sterile and stark as a windowless chamber, the Beekeeper digital workplace suite can be customized entirely without robust assistance from IT or technical leaders in your organization.
The Beekeeper interface also allows individual employees to customize things like push notifications and workflows, giving a more personalized feel to the workplace experience. Beyond increasing productivity, these interactive features and notifications encourage higher levels of participation within the company culture, leading to higher levels of overall workforce satisfaction.
- Adopt and Adapt
As May 2018 is just around the corner, now is the time to adopt an internal communication tool built specifically for enterprise—a tool that meets GDPR compliance and that will mesh well with your employee workflow. Adopting an ISO 27001-certified IT strategy is recommended. Before onboarding employees, be sure the new system is thoroughly tested and passes our GDPR liability test.
- Implement and Train
As old habits tend to die hard when it comes to messaging and communication, it’s important to host formal trainings to ensure that employees understand how to use the new internal communication tool, as well as teach them why the shift is taking place to begin with.
When deciding which internal messaging tool is right for your company, be sure to keep in mind that it should be mobile-friendly with an accessible and customizable interface. Really Simple Systems CEO Jon Paterson has employed a diligent internal communications strategy to keep his entire organization aware of not just adjustments to tool usage, but of GDPR’s high-stakes implications for business.
“Everyone who handles personal data – sales and marketing teams, accounts, HR, customer services – needs to be educated about GDPR,” Paterson shares. “We’ve sent a briefing note to all such staff explaining what GDPR is, how it affects the company and how it will affect them.”
- Maintain and Enforce
Considering the massive financial risk of violating the General Data Protection Regulation rules, maintaining and enforcing GDPR compliance within your digital workspaces is of critical importance. As you retrain older employees on the new internal messaging tools and onboard new staffers, be sure to emphasize that using non-sanctioned messaging tools intended for consumers like WhatsApp, Viber, or iMessage is strictly prohibited, and that usage of any non-sanctioned messaging platforms could result in termination.
To ensure your internal communication tools don’t violate the GDPR and leave you vulnerable to fines, get a free trial of Beekeeper’s employee communication app that is already compliant.