If you haven’t heard about data sovereignty yet, you likely will soon.
Data sovereignty refers to the digital information your company uses and stores and with what laws that data must comply. In short, your data must be used and stored according to the laws of the country in which it is located.
These security requirements generally cover how information is used by the business, how it is stored and for how long. Should your security be breached, these regulations may also determine how to report the theft and what liability your company may face.
Data sovereignty is an emerging business issue since companies are quickly adopting cloud technologies while expanding into global markets. This means that your data must meet the data security requirements of the country in which it is stored, whether it’s in the United States, the European Union, China or elsewhere.
A recent webinar, Data Sovereignty: Understanding its Implications to Your Business and Investments, covered this topic in depth and is well worth a listen. Sponsored by The Deal, with experts from IntraLinks, Intel and Hewlett-Packard Enterprise, the webinar makes plain that data sovereignty is an area where small- and medium-sized businesses are particularly vulnerable.
The webinar’s recommendations for small- to medium-sized businesses were:
- Data security must be an ongoing concern, not a one-time fix.
- Continual security training is essential since most security breaches happen due to employee mismanagement of data. Common examples include opening an email attachment or inappropriately sharing customer data.
- Every country has slightly different requirements for the handling and storage of personally identifiable information. This means you should develop a relationship with an attorney who specializes in international privacy, compliance and data security laws.
- Conduct due diligence over contracts and service level agreements with your cloud storage providers to ensure those vendors comply with the latest security standards. Your service suppliers may also be able to help your company get in compliance.
- Don’t wait for a crisis. Create a security plan, execute on it and update it regularly.
- There’s no one solution to data sovereignty. Encrypting everything and storing the data indefinitely may be illegal in countries in which you operate. You must classify data to handle it correctly.
- If you experience a security breach, don’t try to handle it on your own. Reach out to law enforcement and trade associations in your vertical for advice on remediation and legal issues.
From the buyer’s perspective
More and more buyers consider a company’s existing policies and procedures around data security. If your company has a nonchalant attitude toward security, it’s time to devote some attention to employee training and development. You’ll also need formal policies and procedures to protect the company’s data. A long-term culture of data security protects your company for a future sale as well as current profits.
© 2016 Generational Equity, LLC. All Rights Reserved.
*****
Learn how to prepare your company for your exit through a free whitepaper from the merger and acquisition experts at Generational Equity.