Why Full Stack Web Development Is a Good Option for Your Business

Full stack web developers work with technologies across multiple domains. They can work proficiently with the different technologies used in web development, with a high level of skill. Rather than having separate groups of specialists for the database, front end, and back end, it is considerably more efficient to have each application handled across all levels, with better client coordination.

Full stack development takes responsibility for the design as well as the implementation of the process appropriate for the site. It takes on everything the site needs in order to work effectively. A full stack development team delivers the complete solution in-house, and the whole web development process generally fits the 3 layers of production:

  • Presentation (Front-end part – User Interface)
  • Business Logic (Back-end part – Data Validation)
  • Database layer

Full stack development is involved in every step, from the inception of ideas to actual product deployment. A professional developer is suited to working reliably across development, testing and many other processes that must meet various criteria. The specialist also handles the different parts of the application that would otherwise end up being costly.

Advantages of Choosing Full Stack Development –

Full stack web developers bring several advantages and can easily understand problems across the varied streams of web and application development. Most organizations are very thorough about picking the best full stack developers to build a complete application from scratch, with no stoppage in the process. An interesting fact emerging in the field is that full stack developers can build radically distinctive code, with uniqueness and in a more efficient way.

  • Huge Demand for Full Stack Developers

Full stack development is an intelligent as well as ideal career option that helps people make the right career choices. Full stack developers with diverse coding skills are in high demand, and most organizations are looking to hire one full stack developer rather than 2 or 3 engineers to do the same job. For those looking for a competitive and rewarding job, full stack development is one of the best experiences.

  • Radically Distinctive Code

Every full stack developer likes innovation and creativity, particularly unique coding using different programming tools. This gives you an edge over other developers.

  • Proficient in Multiple Technologies

A full stack developer has hands-on knowledge of multiple technologies. Creating the back-end database, designing the front end, adding on-screen animation, editing pictures in Photoshop and much more are all within reach. This efficiently reduces the organization's dependence on others for technical aspects.

  • Breadth First Search (BFS)

If you have studied graph theory, you may have come across graph traversal algorithms. Breadth-first search is a traversal algorithm that starts at the root node and visits its adjacent nodes first.

Full Stack Developer Excels In –

  • Optimizing the front-end code in Java, HTML, PHP, JavaScript and more
  • Creating, understanding and querying databases
  • Making use of APIs
  • Writing back-end code in Ruby, Java or Python
  • Better working knowledge of the system infrastructure
  • Experience with hardware and operating systems
  • Knowing how to coordinate with the client and manage the whole project
  • Networking and security methods

About Full Stack Development Course:

Full stack development is needed for building solutions across all parts of a web development project. Full stack development courses are designed to familiarize you with the process of designing as well as developing a complete site. Most organizations hire full stack developers based on their knowledge and experience across every task.

  • Learn core concepts of:
      - Front-end programming
      - Back-end programming
      - Databases
      - Testing
      - Debugging
  • Become familiar with the most recent web development technology
  • Learn about SQL and NoSQL databases
  • Complete web development process
  • Practical implementation of concepts

Disadvantages of Full Stack Approach –

  • Inefficiency with computation-heavy back ends
  • Relatively young technologies
  • Jack of all trades and master of none
  • Drawbacks of the different tools combined in the stack

Conclusion  –

Full stack web development generally opens up plenty of opportunities for handling each project. Top full stack development companies are hiring expert full stack developers with attractive pay scales as well as various career advancement opportunities. Become an all-round expert in front-end, back-end and databases with complete courses.

Analysis of The Personal Data Protection Bill, 2018

With growing sensitivity around the use of personal data by third parties, many economies around the world have started formulating policies to curtail the data misuse. One such sweeping law is the European “General Data Protection Regulation” which was enforced in May 2018.

It became imperative that one of the fastest growing economies, i.e. India, also puts together a law to protect the data of its citizens. This has led the government to appoint the Justice BN Srikrishna committee to formulate a data policy for India.

The Justice BN Srikrishna committee submitted the report on Data Protection Law or “The Personal Data Protection Bill, 2018” to the central government and it is proposed to be tabled in the Lok Sabha in the Winter Session. The central government had set up this committee under the leadership of retired Supreme Court Judge BN Srikrishna.

The other members of the committee are Unique Identification Authority of India CEO Ajay Bhushan Pandey, National Cyber Security coordinator Gulshan Rai, Vidhi Centre for Legal Policy research director Arghya Sengupta, Telecom secretary Aruna Sundararajan and joint secretary, Ministry of Electronics and IT Gopalakrishnan S.

Highlights of The Personal Data Protection Bill, 2018

Stakeholders 

The bill defines the entities under consideration: the data subjects, or people under the purview of the bill, are defined as “Data Principals”, and the data processors and controllers as the “Data Fiduciary”. Clear terminology has helped in establishing transparency and accountability between these two entities.

Applicability 

The law will be applicable to both the government and private companies.

Jurisdiction 

The proposed law will have jurisdiction over the processing of personal data which is used, shared, disclosed, collected or otherwise processed in India. It will be applicable to all the companies incorporated under the Indian Law, irrespective of the geographical location of such companies.

Personal Data 

The bill provides for the definition of ‘personal data’ and ‘sensitive personal data’ which adds to the applicability of the law. “Personal Data” is information about or relating to a natural person who is directly or indirectly identifiable using a combination of features like characteristic, trait, etc.

“Sensitive Personal Data” is defined as data related to or constituting passwords, financial data, health data, official identifier, sexual orientation, biometric and genetic data, transgender status, caste and intersex status, as may be applicable.

Data Processing 

The law will cover the processing of data by both public and private entities. The cases of processing of the personal and sensitive personal data are very clearly defined. The state can process data without obtaining the consent of the principal in the instances of law and order, public welfare, and emergency situations where the principal is not in the capacity to provide consent or reason.

Consent

Processing of personal as well as sensitive personal data requires consent from the principal. The consent should be free, informed, specific, clear and given in a manner where it can be withdrawn at a later stage.

Data Principal Rights

The bill mentions that the data principal can obtain from the data fiduciary the following rights –

  • Right to confirmation and access
  • Right to correction
  • Right to Data Portability
  • Right to be forgotten

Transparency and Accountability 

The bill lists down certain practices which the regulated entities must implement –

  • Privacy by design
  • Data protection impact assessment
  • Record keeping
  • Appointment of a data protection officer
  • Data audits

These practices are to be executed by the data fiduciaries which can be classified as “significant data fiduciaries” by the Data Protection Authority.

The majority of the IT companies in India can leverage this provision to become compliant and evolve the internal enterprise-level IT infrastructure by enhancing their email archival solutions, data storage facilities and data security.

Transfer of Data

The bill mandates that a copy of the data be stored in India and the central government has the right to define what is critical personal data and mandate its storage and processing exclusively within India. These transfers will always be initiated under the model contract clauses which secure the data principal’s interests in terms of data security and privacy. The transferor and the transferee are liable for any violations committed.

Authority and Enforcement

The bill calls for the establishment of an independent Authority body corporate in the name of “The Data Protection Authority of India”. The Bill clearly defines the composition, jurisdiction, modus operandi and lawfulness of this Authority.

The penalties laid down in the bill range from 5 crore rupees or two percent of the worldwide turnover to 15 crore rupees or four percent of the worldwide turnover. The bill lays down the remedy for the data principal to claim compensation for harm suffered as a result of a violation of any provision by the data fiduciary. Certain offenses are punishable with imprisonment.

The date of provision will be proposed by the central government in certain cases while otherwise, the enforcement date will be 18 months from the date of enactment of the law.

In Conclusion 

The Bill is a good start for the personal data protection regime in India. It places Indian companies on the global map, as the compliant companies will eventually have systems which are aligned with the principles of “privacy”. There are challenges with regard to data sharing, especially when the majority of the systems work on cloud computing, and it is to be seen how companies promote innovation and convert these challenges into market opportunities.

5 Best Practices When Choosing An Email Archiving Solution For Your Business

In any organization, of any type or operation area, email still remains the number one choice of communication. It is an authentic and reliable source to track one’s words and to a certain extent, even retract them. Without email, this would have been only surreal. With the ability to transact at a lightning speed and store critical information, it is important that every organization protects this medium of communication with utmost diligence.

Best Practices while selecting an Email Archiving Solution

Archiving and Storage

For any organization, a cluttered email box is a nightmare. Moreover, un-organized storage is as good as information lost, as it may take forever to re-discover the required information. Accidental data loss can be a big impediment to business growth and also may have negative cost implications.

  • Therefore, the archiving solution must have the facility to store a large quantity of data in an organized manner.
  • The solution should be hosted on the cloud, in order to ease the pain of managing PST files stored locally.
  • There is a need to have an inbuilt functionality to archive the emails and store them separately.
  • The solution should be configurable as per the organization’s email retention policy.

Technical Service

From a business point of view, technical service ensures that the end consumer is helped with all the operational issues of the product, pre and post sales. It is part of the overall customer service, having the potential to impact the image and brand of the company. A technical and user-friendly service helps drive higher sales for a company.

  • Ensure that the service provider is providing 24/7 technical support.
  • The solution provider should have a dedicated team to maintain servers, back-ups, software upgrades and network maintenance.
  • Ensure that the email archiving service provider is able to provide on-call, on-site and email support as a part of their regular service.

Infrastructure

If the quantity of the stored data increases, the infrastructure cost of the company escalates when the storage is on premise. Not only the cost of the hardware, but also the physical space required to keep the hardware needs to be paid for on an incremental basis. There is an additional cost of air conditioners, electricity, security guards, etc. required on the site.

Operational Excellence

A solution is said to be operationally excellent when it serves the purposes of business continuity in case of a disaster. It should be easy to use by all the user types of the system and offer a high degree of compatibility in terms of integration with third party applications.

  • The Email Archiving solution should integrate with popular software like Office 365, G Suite, Microsoft Exchange and others.
  • Before you select a solution, find out the kind of downtimes and the response mechanism they are offering in case of service requests.
  • Near-zero downtime and top-notch functional support are essential to keep the operational costs low. More downtime leads to revenue losses to the tune of thousands of dollars and has a negative impact on credibility.

Security

With more and more data being transacted online, email is increasingly prone to cyber attacks. There have been many cases of data theft and corporate espionage resulting in million-dollar losses to the victim companies.

  • Businesses, small or big, look for data security features in a solution. This is why tools to prevent attacks like malware, worms and viruses are essential in online processes.
  • Take care that the solution is GDPR compliant. This means that, in case of a data breach, the vendor should be in a position to inform the customer within 72 hours of the breach.

Compliances & eDiscovery

eDiscovery requests made to a company can be expensive and time consuming in terms of extracting large volumes of emails and data from the backup tapes. Email archiving, on the other hand, offers an easy and cost-effective method for both government agencies and private companies to assure fast response to data queries.

  • Along with the GDPR, the solution is required to be configurable to comply with the local laws like HIPAA, FISMA and provide eDiscovery services. eDiscovery lets businesses conduct deep searches to find old mails and restore mailboxes.
  • The Federal Rules of Civil Procedure (FRCP) and the Freedom of Information Act (FOIA) require businesses and government agencies to preserve copies of email, both internal and external, for future requests.
  • The solution should allow settings to fit the email retention policy of the company, which helps the company define the way it handles the old emails of current or ex-employees. It should provide a method to store them safely and a method to retrieve the emails when an eDiscovery request kicks in.

The Advantage of Using a SaaS Archiving Solution

Cloud computing has led to a lot of advantages which the companies can leverage to their benefit. Typically, on-premise installations take months to deploy the required configurations and post-deployment testing. Selecting a SaaS based email archiving solution is a good idea for the following reasons:

  • With SaaS solutions, the configurations are quick and the deployment is web-based, which takes only a few weeks’ time.
  • SaaS solutions are cost-effective, working on a pay-as-you-go revenue model. They require only operational expenses and no capital expenses like infrastructure cost, as required by an on-premise installation.
  • SaaS generally costs 10 times less than an on-premise setup, by eliminating capex costs. Users need to simply consume the services.
  • SaaS solutions come with state-of-the-art database management, indexing expertise and large storage capacity, thereby ensuring optimal search and retrieval speeds.
  • With the periodic updates, the SaaS solution is automatically updated with security patches.
  • It keeps a track of all the transactions on the platform, thereby assuring transparency in the operations.
  • Most importantly, this makes the post-deployment SLAs (Service Level Agreements) enforceable instantaneously.

The Email Archiving Solution should help your business design better email policies, manage organizational data, store and recover the data. Most importantly, the software should evolve over time, keeping you compliant with laws and legalities.

How will GDPR Affect Email Retention?

Introduction to GDPR

Corporates with operations across multiple geographies need to be aware of various compliance policies to keep the business out of legal hassles. The General Data Protection Regulation (GDPR) is a Regulation of the European Union that protects natural persons (called data subjects) regarding the processing and free movement of their personal data.

This regulation has laid out very strict norms on how private information of individuals should be handled and processed. The GDPR is applicable globally and was enforced on the 25th of May 2018. This regulation has made the data and internet companies re-invent their data management strategy.

When it comes to corporate data, an email system comes in the purview without saying. Today, email has become the lifeline of any organization due to the simplicity, flexibility, and integrity it offers for the company’s internal and external communications.

What is Email Retention?

With Email becoming the main channel of communication, its security, stability and storage should be given high priority in the organization management. Therefore, an Email Retention Policy must be framed to ensure continuity in the company – client communications.

An email Retention Policy defines aspects such as employee email storage, usage, retrieval of ex-employee email data and deletion of the same. The benefits which come in after implementing a robust Email Retention Policy are the cost optimization of data storage, approval process optimization for accessing the email archives, and permissions for sharing emails, amongst others.

How will the GDPR affect “Email Retention”?

The HR Manager of the company, the IT Manager and the newly appointed “Data Protection Officer” will have to work closely to make sure the “Email Retention Policy” is updated and operational.

The GDPR compliance requires that the data should be processed and controlled only with the consent of the data subjects. It also requires that the data should be deleted securely once its life has maxed out. Emails often contain personal data – and that means organizations must manage backup and archived copies of the emails very meticulously.

Most of the existing systems are tape based and therefore the recovery of email is very difficult and time consuming. The systems should be such that the retrieval of old data is easy and fast, and searches take less time.

Today, cyber attacks and cyber crime are on the rise. In a phishing attack, for example, the hackers entice the users into downloading a file or redirect the user to a web link. When the user downloads the attachment or clicks on the web link, the hackers are able to access the information and files in the user’s email box. In this way, precious data like usernames, passwords, bank details, medical documents, etc. is stolen and may lead to financial losses.

Compliance with GDPR ensures that the “Email Retention Policy” is well defined, also taking into consideration the cyber attacks. In addition, it sensitizes the employees about privacy, in terms of identifying suspicious links, setting passwords with “high strength”, not sharing passwords, and taking a backup of emails periodically on a central server or a cloud.

The GDPR lays out a road map to protect an organization from malicious URLs, attachments, phishing and other such common attacks that compromise customer data.

Under the GDPR, companies are required to automatically encrypt emails that contain sensitive personal data like credit card and bank details, insurance and health reference numbers and other types of data that could be accidentally, inappropriately or inadvertently shared. This ensures that an organization is not at risk of losing sensitive information and saves the company from any kind of legal exposure.

Just as obtaining affirmative consent from the data subjects is mandatory, according to GDPR, the data subjects must be notified within 72 hours of any security breach through an email.

“Email Archiving Solution” as a part of the “Email Retention”

Conventionally, the email archiving process consists of local backups, backup rotation, backup copies, process checks, storage quota, local searches, IT help desks and support. On-premise backups copy your data to a storage device located at your location. This process can be manual or automatic. The storage devices can be stored onsite for quick access or physically moved offsite afterwards for maintaining the archives. This means they have to be retrieved to the office location in order to start data recovery. Such a setup is exhaustive, cost intensive and time consuming.

Cloud backups can take minutes to hours before a business’s data is fully recovered and ready for work, because the data is readily available at all times by way of the internet. Cloud backups are cutting-edge solutions which consist of automation, guaranteed stability, elastic storage, e-discovery and a self-help or do-it-yourself mechanism.

Solutions like Vaultastic, the cloud email archiving service from Mithi, manage the growth in your storage seamlessly, ensure extreme durability for the data and provide end users direct access to their tamper-proof vaults with an e-discovery panel to simplify email management.

Data Privacy Laws in South East Asia

The ASEAN’s (Association of South East Asian Nations) combined GDP tops $2.6 trillion, which is the 3rd largest in Asia and 7th largest in the world. With a population of over 600 million, the ASEAN market size is bigger than the EU or North America.

With this tremendous opportunity for economic growth, the ASEAN has committed to harmonize legal infrastructure for e-commerce for the integration of the e-ASEAN Sector. One of the goals in this strategic initiative for the ASEAN Economic Community (AEC) is to adopt best practices concerning cyber security and data protection, with the Philippines, Malaysia and Singapore being at the forefront of the Data Protection Policy framework and implementation.

ASEAN Prospects: 

In Singapore, the Personal Data Protection Act 2012 (PDPA) is the primary governing law for protecting individual privacy. The PDPA applies to all electronic and non-electronic communications that deal with data collection, processing, or disclosure within Singapore, regardless of whether they have an actual physical presence in the country. This act requires companies to obtain customers’ consent, establish a reasonable purpose for obtaining the data and inform their customers of all the data processes. Penalties of up to 1 Million Singapore Dollars or up to 3 years in prison are applicable in case the law is not adhered to.

Malaysia – Malaysia’s Personal Data Protection Act 2010 (PDPA) through its Personal Data Protection Department excludes the government sector from its scope. The Malaysian PDPA requires that individuals be notified of data collection, give consent, and be informed about the purposes for which the data is being collected. The PDPA prohibits any disclosure of the personal information which is not pre-declared to the customer, and the information must be kept secure and not retained for longer than is defined in the privacy policy. Individuals must also be allowed to access their information that is stored.

In The Philippines, the Data Privacy Act (DPA) was passed into law in 2012. This made the country the second in Southeast Asia to promulgate a comprehensive data protection law. It was only in 2016, however, that it was actively implemented with the establishment of the National Privacy Commission and the subsequent issuance of the statute’s Implementing Rules and Regulations.

Brunei Darussalam – This country is guided by a Data Protection Policy which covers personal data (in electronic or manual form) managed by government and educational institutions.

Cambodia – Kingdom of Cambodia is yet to announce plans regarding the formulation of a national law on privacy and data protection.

Indonesia has a regulation for the protection of personal data in electronic systems and the Communications and Information Ministry seems very keen on passing a personal data protection bill in 2018.

Laos – The Lao People’s Democratic Republic has enacted laws which cover provisions relating to the protection of personal information: Law Protection of Electronic Data (2017) and Law on Prevention and Combating Cyber Crime (2015).

Myanmar – In March 2017, Myanmar promulgated a law entitled Protecting the Privacy and Security of Citizens (Union Parliament Law 5/2017). According to the Myanmar Center for Responsible Business (MCRB), the law prohibits interception of citizens’ electronic communications, private correspondence and physical privacy, unless otherwise warranted by an “order”.

Thailand – The Kingdom of Thailand has draft legislation pending approval, but has its Official Information Act 1997 to protect its citizens’ personal information that is being processed by the state agencies.

Vietnam – Vietnam has laws regarding Cyber Information Security (2016), Information Technology (2006), E-Transactions (2005), and a law on Protection of Consumers’ Rights (2010). Article 21 requires that the individual’s consent be obtained before the subject’s data is collected, processed, or used, and that the purpose for which it is being collected be mentioned. The individual can request to personally manage the information and the information controller or processor must immediately take the necessary measures.

The ASEAN adopted its regional declaration on privacy with its 2012 Human Rights Declaration. Article 21 of the declaration states that:

“Every person has the right to be free from arbitrary interference with his or her privacy, family, home or correspondence including personal data, or to attack upon that person’s honour and reputation. Every person has the right to the protection of the law against such interference or attacks.”

The ASEAN has cumulatively led to the establishment of the ASEAN Framework on Personal Data Protection in 2016. The Framework states the principles on data protection to help the members in the implementation of domestic laws and regulations aligned with the global framework.

In the age of Digitization, voluminous personal data is being generated and therefore economies across the globe are rallying towards “Data Privacy” and “Data Protection” laws with much seriousness to maintain the economic growth and avoid cyber threats. With Global frameworks like the GDPR, the ASEAN Framework on Personal Data Protection, all the trans-national groups have started to converge. This puts a mandate on the Corporates to revamp their existing systems and make them compliant with the laws.

Technology Approach to achieving compliance

Companies should assess and audit whether GDPR and local laws are applicable. If a company falls under the framework, then its products and services need to be revamped. For example, to comply with the Personal Data Protection Act 2010 (PDPA), solutions such as Vaultastic, a cloud-based email archiving solution, help clients achieve the required compliance of user consent and data management in a hassle-free manner. It helps in keeping the corporate emails secure and easily retrievable when required, adhering to the principles of “accountability” in the GDPR.

In addition, SkyConnect, a cloud-based email solution, brings in world-class, cost-effective email collaboration and enables Data Governance. These products set industry standards when it comes to “data location”, “personal data” and “sensitive personal data” as defined in the GDPR. To comply with native and international laws, the self-declaration of a Privacy Policy is also necessary. This demonstrates legal accountability, readiness and competitiveness, which in turn opens new business opportunities in today’s connected world.

Vaultastic and SkyConnect together offer a complete suite for Data Privacy compliance. The products not only reflect a high level of sophistication, but also demonstrate the ability to help companies within ASEAN stay on the right side of the law when dealing with personal data in international geographies.

A 7 Step Guide for Implementing GDPR in your Business

Digital Transformation is underway for all the economies globally and this has resulted in voluminous data being generated, processed and transmitted across multiple entities with no geographical boundaries.

In order to be globally relevant, businesses need to be compliant with the law and demonstrate competitiveness. The GDPR gives a holistic view of data, process, network, and applications, and facilitates the audit framework to ensure data security.

Vaultastic has implemented the GDPR compliant methods and processes making it the harbinger of this sweeping new law. The following are some of the steps to align your business with the GDPR –

1. Awareness and Information Mapping

Key organizational members and decision-makers should be aware of the GDPR and should accordingly manage the permissions of all the other members who have access to company data. A data audit should be carried out at a granular level to answer the who, where, why, what, when and how questions related data subjects and the data usage. This entire audit should be documented with utmost details.

2. Privacy Notifications and Communications

Document the existing processes to avail the consent of data subjects about the utility of the data. Also, there is a need to document how the data is obtained, whether directly or indirectly.
The IT systems should be evolved to a level where the data subjects are in full control of the data and can perform the functions like rejection, withdrawal, rectification, objection, and access.

Policies like Email Retention should be in place, and customers should know how long the data will be retained. Businesses should deploy mechanisms to inform customers about the Privacy Policy, and any changes to it should be relayed to the customers from time to time.

3. Individual Rights

Individual rights are important as “Privacy” is a fundamental right. Under GDPR, businesses need to demonstrate the ability to give the data subject complete control over data by developing a system where the individual can perform these functions broadly as follows –

  • Request for personal data
  • Request rectification and rectify the personal data
  • Identify all the controllers and the processors of the data
  • Manage the third parties which access the data and, if required, restrict the same
  • Businesses to provide alert for data breach and remedy within the stipulated time
  • Request for backup of the data and also locate and export the data in machine-readable formats
  • Data should be easily portable

4. Consent Management

At the minimum, the companies have to ensure that the notification is clear and easily understandable, obtain consent freely and fairly, stop the data processing if the consent is rejected, obtain the parent’s consent if the child is under the age of 16 years and lastly all the data subjects should have a mechanism to withdraw the consent at any time.

5. Data Privacy Impact Assessment (DPIA)

Organizations have to perform the Privacy Impact Assessment, which helps in defining and documenting the data processing methods. Companies have to make sure that no data beyond the acceptable limit and beyond the consent of the data subject is collected. Furthermore, no personal data may be shared with third parties other than those for which the initial consent was obtained. The legal basis for data processing must be established very clearly before collecting any personal data.

6. Data Security and Breach

Under the GDPR, companies have to encrypt the data. In case of a breach, companies must inform the data protection authority within 72 hours, while also informing the data subjects about the breach and its impact.

7. Appointment of Data Protection Officer

It is mandatory to appoint a Data Protection Officer (internal or external) with professional knowledge in data protection law and IT security covering the complexity of data processing and the size of the company. The Data Protection Officer is required to maintain audit trails, perform data inventory management, document processing activities, monitor compliance and enforce legal practices by liaising with and assisting the supervisors and managers.

All the above steps will ensure that the organizations are not only GDPR compliant, but also ready to optimize marketing expense and increase the returns on the investments.

Impact of General Data Protection Regulation (GDPR) on Indian Businesses

What is GDPR?

The General Data Protection Regulation (GDPR) is a Regulation of the European Union that protects natural persons (called data subjects) regarding the processing and free movement of their personal data. This regulation has laid out very strict norms on how private information of individuals should be handled and processed. The GDPR is applicable globally.

What are the salient features of GDPR?

  1. Awareness: GDPR compliance ensures that the organization as a whole is sensitized to the data security practices it has to follow, thereby adding GDPR to the company’s “risk register”.
  2. Consent: GDPR asks companies to take consent from the customers, and this consent must be freely given, informed, unambiguous and mutual. It enables the data controllers to have sufficient evidence to control the individual data.
  3. Wider scope: Data processors across locations come under the purview of the GDPR regulations and they have specific compliances to adhere to.
  4. Individual’s rights: Privacy is a fundamental right and the GDPR realizes this by establishing Rights to access to Data, Right to correction to the Data, Right to be forgotten, Right to restrict data proliferation without consent and many such rights.
  5. Privacy Notices: Amidst growing concerns for privacy, the GDPR helps companies empower their customers by being clear and transparent about how the ‘personal’ and ‘sensitive personal’ data is being handled.
  6. Data Protection Impact Assessment: The GDPR helps companies implement best practices which are mandatory in circumstances of medical health data, sensitive personal data, legal records, special category data and publicly accessible data.
  7. Data Protection Officers: The GDPR helps establish an ombudsman-like position in the company. This position is taken by autonomous and appropriately senior personnel. This is a nodal office where the organizational operations, IT, Legal, Data Security and Privacy Policies intersect.

Implications on Indian Businesses

The scope for GDPR implementation is much wider in India. According to a survey conducted by EY, 70% of Indian respondents see data protection and data privacy compliance as increasing areas of concern. 46% of the companies are worried about cyber breach and insider threats. Only 30-35% of all IT/ITeS companies have started their journey to work towards GDPR compliance.

India is in a unique position because of her Digital Transformation Journey. Through government initiatives like JAM (Jan Dhan Aadhaar Mobile), Digi-lockers, De-monetization, GST and others, more and more data is generated and stored. The Data Privacy Bill and the Supreme Court judgement declaring Data Privacy a Fundamental Right show the increasing seriousness about the topic.

Direct Impact of GDPR and Challenges

  1. The ITeS industry requires an increased un-restricted flow of data to be transferred from the EU because essentially the software business is on the outsourcing model.
  2. The GDPR will limit EU companies’ outsourcing options which will hamper business development opportunity and may incur losses for businesses in India as India may lose the competitive edge in the global markets.
  3. The Data transfer decision making will be stringent which may lead to increased overhead costs and longer timelines.
  4. The GDPR regulations target ITeS industry directly so for the compliance purposes there is a high investment cost which otherwise will lead to severe penalties. For example, an Indian unit building analytics for a tourism company in EU will have to undergo increased permissions from the client and also adhere to compliances like taking customer consent, data access and more.
  5. Moreover, Indian companies get an opportunity to check their GDPR readiness. Readiness is essentially the ability to help the data subjects freely manage their own data, help the companies assess the collected data, monitor the methods of data processing and design systems to protect the stored data. Readiness and eDiscovery are the hallmarks of good data governance in any industry.

Benefits of the GDPR for Indian Businesses

GDPR is essentially a blessing in disguise for many businesses in the technology domain. Some of the benefits are listed below –

  1. Cyber Security: The regulation encourages companies to re-evaluate and improve their overall cybersecurity strategy. GDPR enables them to establish thorough control over the entire IT infrastructure, security monitoring and data protection workflows.
  2. Marketing ROI (Return on Investments) & Customer Loyalty: GDPR requires companies to inform the customers of the data privacy and data processing protocols. It also requires companies to give more control to its customers in terms of sharing the information. Tailored messages to targeted customers/users can lead to more click throughs, social sharing and eventually a higher conversion rate. Companies get a chance to explain to their customers very clearly how they will be utilizing the data and gain loyalty and retention of the business.
  3. Efficient Data Management: GDPR compliance will encourage the company to minimize its exposure by removing all the redundant and trivial data which holds no value to the organization, but only risk. A data audit will give a complete idea of the data structure and store procedures.
  4. Usher a Data Culture for Security: GDPR can promise ushering in a new culture in the company by sensitizing everybody about data security and introduce a new mindset of respecting user data privacy.

Companies are required to take this new GDPR compliance challenge in their stride and establish new technology architecture and security processes around the data they handle. Many GDPR compliant companies are seeing new business opportunities in helping others become compliant and in creating a data-secure ecosystem that supports the culture of innovation and startups.

The GDPR thus opens up an opportunity in Data Governance and Protection practices in India, while laying a road map to strengthen the framework for government and industry. It also helps implement the Fundamental Right to Privacy enshrined in the Indian Constitution.

Data Protection and Privacy Laws in the Middle East

What is Data Protection?

According to the Data Protection Act 1998, UK, Data Protection is securing individuals’ personal information, laying down policies to handle this information and giving individuals the right to access information that organizations, institutions and governments hold about them.

In today’s age of the internet, information sharing is seamless and data is the new oil. Invariably, data protection and privacy become the heart of all information related policies in any organization.

What are the existing Data protection laws in the Middle East?

There is no direct general federal law in the GCC (an alliance of the Middle Eastern countries of Saudi Arabia, Kuwait, the UAE, Qatar, Bahrain, and Oman).

Notwithstanding, it would be incorrect to say that Data Protection or Individual Privacy is not regulated.

The aspects of ‘privacy’ are covered in various general laws as below:

Qatar Financial Centre (QFC)
The QFC addresses Data Privacy through the Data Protection Regulations (Regulation 6 of 2005), which are mainly driven by the European Data Protection Directive.

Dubai
The Dubai Healthcare City is regulated by Dubai Healthcare City Regulation No. 7 of 2008, and data protection in the DIFC is regulated by DIFC Law No 1 of 2007 (amended by DIFC Law No 5 of 2012) and by the Data Protection Regulations (Consolidated Version No.2 in force on 23/12/2012).

The DIFC enforces the law and imposes sanctions where the data controller is not compliant.

Kingdom of Saudi Arabia
The Shariah Law is supreme and it consists of tenets related to individual’s privacy. These principles are enacted in various sector-specific laws like –

  • Anti-Cyber Crime Law punishes any person (by fine or imprisonment) who illegally accesses the computer of another without the owner’s knowledge or permission.
  • Electronic Transactions Law regulates all forms of electronic communications.
  • KSA Monetary Agency Regulations for Consumer Credit (Credit Regulations) governs the exchange of information between borrowers and creditors through the Articles 3.1, 3.2.
  • Healthcare Practice Code requires that a health practitioner safeguard and observe complete privacy in regards to patients’ data.
  • Telecommunications Law restricts the service providers from sharing customer data to third parties and also prohibits telephone tracking of the customers.

Qatar
“The sanctity of human privacy shall be inviolable, and therefore interference into the privacy of a person, family affairs, home of residence, correspondence, or any other act of interference that may demean or defame a person may not be allowed,” says Article 37 of the Qatari Constitution.

United Arab Emirates
Article 31 of the UAE’s constitution speaks about freedom of communication and guarantees its secrecy in accordance with the law. The National Electronic Security Authority (NESA) ensures the electronic security of data storage, processing, and transmission.

Umbrella of the GDPR

Not only the Information and Communications Technology (ICT) companies but also Banking and Financial Services Institutions, Tourism, Hospitality, Media and Telecommunication, Automation and Engineering companies fall under the context of GDPR.

At a broader level, any company storing, processing or transmitting the data of EU residents irrespective of its geographical location must comply with GDPR.

Impact of GDPR (General Data Protection Regulation) in the Middle East

The GDPR standardizes the data protection law across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information.

It gives the control back to EU residents. The GDPR will usher in better accountability and governance as it is comprehensive, strict and the penalty can be as high as 4% of the total annual turnover of the company.

The law is enforceable from 25th May 2018. The GDPR has provisions like Appointment of representatives, Sanctions, Data breach notifications, Accountability, Data Protection Officers, Individual rights, to name a few.

According to the law, any company in the Middle East that performs operations on the data of Europeans or residents of the EU will, irrespective of its location, have to upgrade its software and servers to provide enhanced security and control to the customers.

This means greater financial implications to the company in terms of software, hardware, and appointment of human resources for the sake of compliance.

Businesses will have to create internal compliance processes for all the employees to fall in line with the GDPR. The concerned representatives will have an exposure to the legal authorities.

Companies will have to upgrade their offerings and projects to give customers complete control over their data. The impact of the GDPR will be visible in various industry sectors like Travel and Tourism, Automobile, Hospitals, Hotels and the Offshore Development Centre IT industry in general.

The companies based out of Middle East have to navigate costly, time-consuming and technically challenging obstacles like facilitating “data portability”, “data storage”, “notifications”, “data control” to name a few.

Enterprise software solution providers will have to assess the functionalities in their applications, as their databases hold voluminous customer data. Ensuring compliance with the GDPR may therefore require considerable modifications and the associated costs.

Technology Approach to GDPR compliance

The core principles of GDPR are lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality and accountability. These are essential to protect the principles of freedom, right to privacy and secure natural justice in all spheres including personal data.

The companies should assess and audit whether the GDPR is applicable. Products and Services need to be enhanced. For example, to comply with GDPR, solutions like Vaultastic help clients achieve the required compliances in a hassle-free manner. It’s a cloud-based Email Archiving solution that helps in keeping the corporate emails secure and easily retrievable when required, adhering to the principles of “accountability” in the GDPR.

Cloud email based solutions bring in world-class cost effective email collaboration tools and enable Data Governance. These are the products which set industry standards when it comes to “data location”, “personal data” and “sensitive personal data” as defined in the GDPR.

Why Is It Safe For Government Bodies To Keep Data On The Cloud?

Technology Paradigms in Public Service

The government is not only the biggest data creator, but the largest consumer and aggregator as well. Central and State governments have large amounts of data in the form of user records, public policies and schemes. It is therefore critically important that the government has a strong and robust IT backbone to undergo a smooth transformation and deliver all its services on demand. Information and Communication Technology increases productivity and efficiency while making the government machinery accountable, transparent and people-friendly. The Digital India program initiated by the government is targeted precisely at meeting these objectives.

Downtime due to hardware failures, software misconfigurations, security breaches and data loss impacts not only the productivity of government offices (and therefore the quality of service) but also their credibility. Projects also often drag on because of inadequately resourced sites, severely compromising the return on the investment made in the information system by the government organisation.

The cloud as a platform for such information systems can remedy many of these shortcomings, while reducing costs and the need for upfront capital and increasing flexibility.

The Cloud

Cloud Computing, commonly referred to as ‘the cloud’, is the delivery of services using computing resources over the internet. These services are classified as Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). Cloud Computing enables data storage, access to compute resources, data interlinking and data security on an on-demand, usage-based model, and optimizes the overall infrastructure cost and performance. All one needs to access the cloud is a working internet connection.

Data Security Challenges

Migration to the cloud essentially means moving sensitive government data to a third-party infrastructure. Ideally the government should own the cloud where the data is stored, but the cost and effort required for such an exercise can be daunting. The risks can be easily mitigated by an SA (Service Agreement) that mandates the service provider to share control over the data.

Any system used on the internet is not 100% secure. IT systems can be hacked, and malware, viruses, worms, etc. can be implanted which are harmful to on-premise data. The challenge is not limited to software; an IT setup is threatened by cyber attacks, physical damage (maybe due to an accident or natural calamity) or a manual security breach. In each case, the systems can be damaged to the point of being useless, dealing a huge blow to the investments, besides the loss of valuable data. Cloud service providers reduce this risk by implementing a distributed infrastructure wherein the data is backed up on multiple servers, along with a high level of physical and cyber security, thus ensuring adequate defence against system breakdowns or data loss.

In the cloud computing approach the data must be organised based on impact levels. For example, non-sensitive or unclassified data can be displayed on public-facing websites, which have the lowest impact level. As the sensitivity increases and the impact deepens, the data must be pushed to more secure storage. The United States has a dedicated policy called the Federal Risk and Authorization Management Program (FedRAMP), designed specifically to protect cloud-based government data.

Why Cloud Is A Safe Bet?

Disaster Recovery

Cloud Disaster Recovery (cloud DR) is a business continuity strategy that involves storing and maintaining copies of the records in the cloud as a security measure. The goal of cloud DR is to provide an organization with a method to recover data and/or fail over in the event of a natural or man-made disaster.

Below are some of the effective ways of cloud DR:

Cloud service-level agreements

Service-level agreements (SLAs) help organizations define the terms and conditions before migrating data to a cloud and, in case of an unwanted contingency, charge the service provider a proportionate penalty. This establishes accountability and is therefore the first step towards moving data to the cloud.

Failback and failover methods to cloud recovery

For the purposes of continuity in business and services, the system should be able to fail over to a similar redundant site or link in case of a failure. Once the disaster is sufficiently addressed, the system fails back to the primary hardware and software. The failback and failover systems can be automated.

Choose the right service providers

Providers who follow industry policies and practices are worth the business transition. These providers ensure a functional backup site, so that the main application fails safely and failing back to the main system is hassle-free.

Security at the user level

Cloud computing allows the administrator to set up the users who can access the cloud and to define the level of access for each user. This is possible because of the ‘Attribute Based Access Control’ (ABAC) methods of cloud applications. ABAC is a method wherein the user requests permission to perform operations on the computing resources and the request is granted or denied based on the role the user performs in the organization.
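An added example, not code from the original article or from any cloud provider: a default-deny access decision that evaluates the user's role together with other attributes against the impact level of the data, as described in the Data Security Challenges section. The attribute names, impact labels, rules and sample users are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Impact levels, lowest first. Constructed labels: the article says data is
# organised by impact level but does not name the levels.
IMPACT = {"public": 0, "internal": 1, "sensitive": 2}


@dataclass(frozen=True)
class Subject:
    user_id: str
    role: str          # the attribute the article singles out
    department: str
    clearance: str     # highest impact level this user may touch
    mfa: bool          # session authenticated with a second factor


@dataclass(frozen=True)
class Resource:
    name: str
    department: str
    impact: str


@dataclass(frozen=True)
class Rule:
    name: str
    roles: frozenset
    actions: frozenset
    max_impact: str
    same_department: bool = False
    require_mfa: bool = False


# Hypothetical policy: each rule is an allow rule; anything unmatched is denied.
POLICY = (
    Rule("public-read", frozenset({"clerk", "officer", "auditor"}),
         frozenset({"read"}), "public"),
    Rule("dept-internal", frozenset({"clerk", "officer"}),
         frozenset({"read", "write"}), "internal", same_department=True),
    Rule("officer-sensitive", frozenset({"officer"}),
         frozenset({"read", "write"}), "sensitive",
         same_department=True, require_mfa=True),
    Rule("auditor-read-all", frozenset({"auditor"}),
         frozenset({"read"}), "sensitive", require_mfa=True),
)


def decide(subject, resource, action, policy=POLICY):
    """Return (allowed, reason) for one request; deny unless a rule matches."""
    level = IMPACT.get(resource.impact)
    clearance = IMPACT.get(subject.clearance)
    if level is None or clearance is None:
        # Unlabelled or mislabelled data is never served by accident.
        return False, "unknown impact level"
    if clearance < level:
        return False, "clearance below impact level"
    for rule in policy:
        if subject.role not in rule.roles or action not in rule.actions:
            continue
        if level > IMPACT[rule.max_impact]:
            continue
        if rule.same_department and subject.department != resource.department:
            continue
        if rule.require_mfa and not subject.mfa:
            continue
        return True, rule.name
    return False, "default deny"


# Constructed sample subjects and resources.
CLERK = Subject("u1", "clerk", "revenue", "internal", mfa=False)
OFFICER = Subject("u2", "officer", "revenue", "sensitive", mfa=True)
OFFICER_NO_MFA = Subject("u3", "officer", "revenue", "sensitive", mfa=False)
AUDITOR = Subject("u4", "auditor", "audit", "sensitive", mfa=True)
NOTICE = Resource("tender-notice", "public-works", "public")
LEDGER = Resource("tax-ledger", "revenue", "internal")
RECORDS = Resource("citizen-records", "revenue", "sensitive")

if __name__ == "__main__":
    for who, what, act in [(CLERK, NOTICE, "read"), (CLERK, RECORDS, "read"),
                           (OFFICER_NO_MFA, RECORDS, "read"),
                           (AUDITOR, RECORDS, "write")]:
        print(who.role, act, what.name, decide(who, what, act))
```

The same officer is allowed or refused on the sensitive record depending only on the MFA attribute, which is the difference between an attribute-based decision and a lookup on role alone.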

Security measures undertaken by the cloud providers

Cloud providers are competitive and keep the security of the cloud infrastructure top-notch. Some of the popular security features are firewalls, intrusion detection systems and data-at-rest encryption. They invest heavily in application security, while also providing physical security, i.e., infrastructure, security staff, uninterrupted power and a temperature-controlled environment. The data is also stored redundantly, so even during regular maintenance the application works and government services remain undisturbed.

Cloud Computing Enabled Governments are the future

A Government is smart, if it is focused on governance rather than the government itself.

The conventional view people hold of the government can undergo a big change when they see the government optimizing its functioning to serve citizens better. The government is seen to be taking the right steps in this direction by enabling the “Public Cloud Policy” and related policies around “Data Privacy and Protection”. For example, the Government of Maharashtra is at the forefront, creating an opportunity for public-private partnerships for migrating government data to the cloud. Under this policy, the government will ensure data is stored in India and maintained under the highest security standards.

To move quickly towards a future where service delivery to the citizens is effective and transparent, the government must actively adopt the cloud as the underlying platform for IT-driven service delivery, so that it does not get caught up in the wasteful task of building, maintaining and managing the IT infrastructure.

Cloud computing infrastructure allows for building applications on top of it, without concern for the underlying IT infrastructure, and the ability to scale and expand with ease.

Email Retention Policy: Why Businesses Need To Take It Seriously

“Communication is the lifeline of an organization”

Communication is a very important aspect of any organization, helping to create a cohesive working environment to achieve organizational goals.

In the era of technology, communication and interactions have moved to various forms of electronic communications, of which, email has become the mainstream and official form of communication.

A myriad of important document exchanges ranging from offer letters, financial statements from the banks, property documents, unique identity services, authorization and authentication systems, now happen over email.

This makes the organization, protection, storage and retention of emails extremely important from a personal and professional point of view.

What is Email Retention?

Email retention involves the storing of historical email with on-demand retrieval and recovery as per the predefined policy and rules of the concerned organization.

Email messages are maintained in a logical manner for a specified period of time.

Policy Precedes all Actions

An Email retention policy helps in defining the period for which the emails will be present in the individual mailboxes after which they will be removed.

This policy also covers ways to recover the older emails in case of litigation or dispute. It improves the performance of the email system without increasing the operational complexities.

It facilitates effective knowledge management which eventually leads to business improvements and increased productivity. Let’s take a look at some more reasons in favor of an email retention policy.
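An added example, not code from the original article or from any archiving product: a retention sweep that decides, per message, when to archive, when to remove the mailbox copy and when to purge the archive. The two retention periods, the hold flag for open disputes and the sample messages are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class RetentionPolicy:
    mailbox_days: int   # how long a message stays in the user's mailbox
    archive_days: int   # how long the archived copy is kept

    def __post_init__(self):
        # A mailbox window longer than the archive window would delete the
        # only recoverable copy first, so reject such a policy outright.
        if not 0 < self.mailbox_days <= self.archive_days:
            raise ValueError("archive retention must cover mailbox retention")


@dataclass(frozen=True)
class Message:
    msg_id: str
    received: date
    in_mailbox: bool
    archived: bool
    on_hold: bool = False   # assumption: set while litigation or a dispute is open


def plan(msg, policy, today):
    """Return the ordered actions for one message under the policy."""
    age = (today - msg.received).days
    if age < 0:
        # Received date in the future: bad clock or tampered header.
        return ["review"]
    if age > policy.archive_days and not msg.on_hold:
        actions = []
        if msg.in_mailbox:
            actions.append("remove_from_mailbox")
        if msg.archived:
            actions.append("purge_archive")
        return actions
    actions = []
    # Archive before removing, so a recoverable copy always exists.
    if msg.in_mailbox and not msg.archived:
        actions.append("archive")
    if msg.in_mailbox and age > policy.mailbox_days:
        actions.append("remove_from_mailbox")
    if age > policy.archive_days:
        actions.append("retain_on_hold")   # only reachable when on_hold is set
    return actions


def sweep(messages, policy, today):
    """Plan every message; returns {msg_id: [actions]}."""
    return {m.msg_id: plan(m, policy, today) for m in messages}


# Constructed sample data.
TODAY = date(2024, 6, 30)
POLICY = RetentionPolicy(mailbox_days=90, archive_days=2555)
SAMPLE = (
    Message("m1", date(2024, 6, 1), in_mailbox=True, archived=False),
    Message("m2", date(2024, 1, 10), in_mailbox=True, archived=True),
    Message("m3", date(2024, 1, 10), in_mailbox=True, archived=False),
    Message("m4", date(2015, 3, 1), in_mailbox=False, archived=True),
    Message("m5", date(2015, 3, 1), in_mailbox=False, archived=True, on_hold=True),
    Message("m6", date(2024, 7, 5), in_mailbox=True, archived=False),
    Message("m7", date(2024, 4, 1), in_mailbox=True, archived=True),
)

if __name__ == "__main__":
    for msg_id, actions in sweep(SAMPLE, POLICY, TODAY).items():
        print(msg_id, actions)
```

Message m7 is exactly 90 days old and is left alone, and m5 outlives the archive window only because it is on hold.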

Top Reasons Why an Email Retention Policy is a Must

1. Data Preservation and Protection

Official business communications often happen over email, sometimes carrying sensitive information in the form of attachments.

These attachments can be anything from a customer service commitment to an official service contract.

If the contract or related email gets misplaced then the stakeholders are left at the mercy of good faith, and have to bear the consequences.

2. Intellectual Property Rights Protection

It is commonly seen that employees discuss not only product or service features with each other, but also share technical specifications for feedback and development.

Thus maintaining adequate data security is a must. There have been cases where company email servers have been hacked and valuable insights into finances, business plans and product details have been stolen.

Such incidents are an impediment to individual as well as organizational growth.

3. Cyber Threats

Emails are the treasure trove of organizations and hence the computer systems become the primary target of the hackers. These attacks come in different forms like ransomware, malware, virus, worms to name a few.

A retention policy thus helps systematically maintain all the emails in batches on a cloud system as a backup and therefore, in case a cyber attack wipes out your PC, all your emails can be recovered safely.

Hassle-free email tracking and recovery ensures continuity in business and assures growth.

4. Regulatory Compliances

Companies in certain sectors such as ‘Health Care’ deal in voluminous patient records which are sensitive and valuable.

Therefore, regulatory bodies like the US Department of Health and Human Services have put in place mechanisms and compliance standards such as HIPAA and Sarbanes-Oxley which the companies have to adhere to.

5. Litigation and eDiscovery Support

Innovation is the heart and soul of every organization and thus it must be protected with top most priority.

In case of misuse or theft of the idea, the company must be in a position to trace the method of theft and emails can help establish the ‘subtle/casual’ yet important communication ‘references’ to pin down the culprit.

From IP theft to contractual disputes to insider trading, the ability to trace communications leading up to the case is critical in any investigation.

In case of a lawsuit, lawyers are required to search and discover evidence from the complete email stack of an individual. Non-compliance with such requests leads to penalty and punishment.

So the ability to retrieve older emails in an organized manner is very important. eDiscovery is a system which helps in easy search, location and retrieval.

Moreover, eDiscovery works offline as well. eDiscovery is widely used as an industry standard tool at the legal and HR teams’ disposal.

6. Internal Dispute Settlements

When a group of individuals communicate and work together, there are bound to be contentions and disputes. Email can help enforce accountability in the day to day tasks.

In case of disputes over matters like stakeholder mapping, project management and delivery, emails help in tracking each stakeholder against the assigned commitments and thus help maintain efficient work.

7. Organizational Competence

Organizational Competence is built over discussions, information and plans spanning long periods of time requiring huge efforts. Much of this is captured in the daily exchange of email.

The storage of emails should be such that it is difficult to breach and, at the same time, easy to uncover valuable information as and when required for reference.

Email retention ensures that the entire knowledge repository is secure and easily accessible.

A reliable email archiving solution helps you successfully comply with the email retention policy. Here are a few points to keep in mind while selecting a cloud email archiving solution:

  • Compatibility: The archiving solution should integrate with your email client.
  • Capacity to ingest past emails (using PST files) that existed before the new solution was installed.
  • Data redundancy is a must-have: Company data should be spread over a number of data centers to cover the risk in case of natural or artificial calamities.
  • Help in complying with government mandates like HIPAA and Sarbanes-Oxley to avoid any future risk of legal issues.
  • Swift archiving, search and retrieval: It should be equally easy for an everyday non-IT user to operate.
  • High data security and availability, since these are critical to business continuity.