“Well done is better than well said.” - Benjamin Franklin

Where did you store that data?

GDPR law states that any PII (Personal Identifiable Information) within your business should be stored in the EU, be easily accessible by its subject, and that subject should have the ability to modify, delete or transfer their own data. In addition, you should have clear PII data retention policies set and adhered to.

A look at PII storage and security:

Data Management

Clearly, businesses should first have a good understanding of where their PII data resides.  For most businesses where roles are split per department, there should be a GDPR representative who is responsible for managing the PII data within their department, as for example someone in the finance department likely will not have access to manage HR data – the HR team would need to do this.

Having this organisation in place is key to be able to respond to SAR (subject access requests), which are a lawful requirement of any business in the UK (and EU).

Office 365 to the rescue?

Storing data in Office 365, if in Exchange (email), SharePoint, OneDrive, or Teams can mean the data is more easily searchable, however, unless you have the very top Office 365 licencing for mid to large size business, you will need to purchase a Microsoft Priva licence to run and complete your SAR.  There is still a reasonably large task ahead of any business completing a SAR, even with the Microsoft Priva licence, so don’t think this is the only cost.

As a business (of any size) holding PII data, it is your responsibility to ensure that data is secured and protected.  Office 365 is great for this, especially if your business is using a zero-trust model and conditional access (Bitwise-IT can help your business with this if you aren’t already there!).

Data not in Office 365

For data not on Office 365, are you sure where it really resides? If one of your business machines was stolen tomorrow do you trust that there is no PII data on the machine, or that there was data but it was encrypted and inaccessible to the thieves?

Suffering a data breach can be expensive for any business and can greatly affect your reputation and chances of building future relationships with new prospective customers.  That is why Bitwise-IT are offering a FREE PII scan for your small business of up to 250 devices (including servers).  We will then return a report to you identifying exactly where the PII data on your systems resides.

Interested? Reach out to us via our contact page and let us know you’d like a free PII scan along with how many devices you have.