IceWarp is GDPR Compliant
It is spring and GDPR is all around. And there is much confusion about it. IceWarp has been working almost for a year now, to set everything up, both technically and legislatively, for this global cornerstone of digital security. IceWarp is now fully GDPR compliant.
GDPR is not just about the product. For a company, GDPR means significant changes in inner processes to meet its baseline. The goals of GDPR are promising - to grant more control over personal data to every EU citizen and to simplify the regulatory environment of international business. But what is personal data anyway? According to EU officials, "Personal data is any information relating to an individual. It can be anything from a name, a photo, an email address, bank details, your posts on social networking websites, your medical information, or your computer's IP address." (GDPR press release, European Commision)
GDPR is not all about digital security though. The new law enforcement is affecting mostly company's inner procedures - a way of storing data, managing levels of clearance and updating data policies. In short, that means sleepless nights for company's lawyer and a lot of paperwork for the rest. Otherwise, penalties will be severe.
Setting up your IT with GDPR Compliant Server
In case your software is not fully GDPR ready, opt for a server which is. Ensure that all latest patches of all critical components of the system, including OpenSSL, certificates etc., are up-to-date.
In terms of IT infrastructure, make sure that you follow the general best practices of IT security, including remote access security, firewall security, password complexity enforcement, and malware protection.
There are also some other simple steps, you may want to take to be even more in the line with GDPR regulations:
· Data loss protection - be sure you're using SmartAttach and Archive functions
· Grant only a mandatory access to a server - according to a level of clearance, lower the number of people with wide access to a server
· Enable 2-factor authentication - for server administrators, simply use IceWarp Authenticator, which works smoothly for almost any IT admin, or set second authentication method like i.e. SMS
· S/MIME keys - start digitally signing and encrypting your messages using S/MIME, but be aware of a significant increase of computing power needed
· Levels of clearance - do a permission audit, deny an access to non-essential personnel, set different passwords to the most secure directories
· Use user accounts only - we don't recommend running IW under the root account, using dedicated user accounts instead
· Data searching - set authorized individual, who have permission to seek through Email Archive and Full-text search
· Erasing in person - make sure that erasing is done by the person who owns the data
· Use system logs - enable system maintenance logs on your server, this allows you to track every action on a server, along with user authentication and activity
GDPR super-power is coming
IceWarp On-premise and Cloud are fully GDPR compliant at the moment. Things get more complicated when it comes to full-text search for personal data though. Because of the complexity of GDPR and its maintenance demands, a built-in search engine isn't enough. That's why GedAI has been created.