It’s spring and GDPR is all around. And there is much confusion about it. We’ve been working for almost a year now to set everything up, both technically and legislatively, for this global cornerstone of digital security. And we have good news. IceWarp is now fully GDPR compliant. We’ll show you how to prepare your company as well.
In short: IceWarp is GDPR compliant already. But it’s not all about the product. For you, as a company, GDPR means significant changes in internal processes to meet its baseline. In this article, you will learn how you can improve your IT further.
The General Data Protection Regulation (GDPR) is the largest and most comprehensive EU legal act on personal data storage and processing in history. Adopted on 14 April 2016, it becomes applicable after a two-year transition period, on May 25th.
The goals of GDPR are promising - to grant more control over personal data to every EU citizen and to simplify the regulatory environment of international business. But what is personal data anyway? According to EU officials: “Personal data is any information relating to an individual, … It can be anything from a name, a photo, an email address, bank details, your posts on social networking websites, your medical information, or your computer’s IP address.” (GDPR press release, European Commission)
GDPR is not all about digital security though. The new regulation mostly affects a company’s internal procedures - the way it stores data, manages levels of clearance and updates data policies. In short, that means sleepless nights for the company’s lawyer and a lot of paperwork for the rest. Otherwise, penalties will be severe.
Setting up your IT
On the brighter side, if you’re using the latest version of IceWarp Server, you don’t have to worry about your software not being GDPR compliant. We regularly conduct vulnerability and penetration testing of IceWarp Server and all related tools and client applications. We also make sure that we update to the latest patches of all critical components of the system, including OpenSSL, certificates etc. As with any other IT system, you therefore need to keep updating to the latest version of IceWarp Server in order to stay protected against recent security threats.
In terms of IT infrastructure, make sure that you follow the general best practices of IT security, including remote access security, firewall security, password complexity enforcement, and malware protection. The IceWarp team can help you with a review of your current setup.
However, you may also need to make a few configuration changes to IceWarp Server in order to fulfill some of the GDPR requirements. For example, to access all data and search through it, you can simply set up a global archivist account. The account comes in handy when your customers or former employees require you to provide a GDPR audit of their personal data.
There are also some other simple steps you may want to take to be even more in line with GDPR regulations:
- Data loss protection - be sure you’re using the SmartAttach and Archive functions.
- Grant only mandatory access to the server - according to level of clearance, reduce the number of people with wide access to the server.
- Enable 2-factor authentication - for server administrators, simply use IceWarp Authenticator, which works smoothly for almost any IT admin, or set up a second authentication method such as SMS.
- S/MIME keys - start digitally signing and encrypting your messages using S/MIME, but be aware of a significant increase in the computing power needed.
- Levels of clearance - do a permission audit, deny access to nonessential personnel, and set different passwords for the most secure directories.
- Use user accounts only - we don’t recommend running IW under the root account; use dedicated user accounts instead.
- Data searching - designate the authorized individual(s) who have permission to search through Email Archive and Full-text search.
- Erasing in person - make sure that erasing is done by the person who owns the data.
- Use system logs - enable system maintenance logs on your server; this allows you to track every action on the server, along with user authentication and activity.
GDPR super-power is coming in June
Firstly, let us assure you - IceWarp On-premise and Cloud are fully GDPR compliant at the moment. Things get more complicated when it comes to full-text search for personal data though. Because of the complexity of GDPR and its maintenance demands, a built-in search engine isn’t enough. That’s why GedAI has been created.
GedAI is a whole new product that mainly addresses the GDPR compliance of companies. GedAI locates personal data, archives it and creates GDPR reports. With full-text search and advanced filtering options, you will be able to process terabytes of personal data from various sources on your server in just a few clicks.
GedAI will be available for both On-premise and Cloud subscribers from June. We’ll keep you posted.
Audit that out
Need further help preparing for GDPR? Let us know at firstname.lastname@example.org. We will gladly help with the transition.
For legal info please see the GDPR legal statement.
To learn more about IceWarp, please visit our website: www.icewarp.com