Data classification is the key to protecting information and comply with GDPR and LGPD

Reading Time: 3 minutes

Martin Sugden, CEO of Boldon James, was in Brazil last week and shared a warning that organizations need to comply with LGPD: “companies need to know what kind of information they have, were it is stored and how to deal with it”.

While organizations are increasingly concerned with data protection, many do not have the right tools to protect their information, and do not apply data classification to their data collection, processing, and handling processes. Systems have been designed to view data as belonging to the company not the individual that shared it with the organization. With the arrival of GDPR and LGPD, organizations are having to adapt to the new reality.

Martin Sugden, CEO of Boldon James, was in Brazil last week to meet clients and local partners and on November 29 he met with key members from the local business media to discuss how organizations comply with LGPD: “Companies need to know what kind of information they have, where it is stored and how to deal with it”.

According to Sugden, “Once you understand what information you have, and where the information is held you can make informed decisions about the level of security to be applied from who can access it to should it be encrypted or anonymized to do, I even need to keep it. The current security strategy must take into account that GDPR and LGPD rules are rigid and that any information should be protected wherever it is, including mobile devices, in the supply chain or with advisers. Your users need to be trained and understand your policies”, he commented.

“Recent surveys point out that at least 1/3 of IT executives claim that mobile security is one of their biggest concerns, especially as modern working practices involving mobile devices, social media and BYOD make it easy to lose or inadvertently share data”, said Martin Sugden.

According to the CEO of Boldon James, financial services companies report the most concerns about data security, but it is these companies that invest more in data classification policies and tools. With the GDPR and LGPD, the banking and financial institutions must increase their investments in data security. “Other organizations should follow the same path, so they can better protect their vital business data”, Sugden emphasizes.

Boldon James has been working for 30 years on the development of data classification techniques, being responsible for numerous pioneering data classification projects in large companies in several countries.

The Boldon James Classifier solution allows labels to be filtered to handle, hold, or send documents safely outside of organizations, either to mobile devices, partners or customers.  For example, last year a USB was found on a London street with 76 highly classified files regarding the travel routes taken by Queen Elizabeth when using Heathrow airport, including airport patrol timings  and the identity of personal protection officers who had access to certain secret areas at the airport. This data should not be downloadable and if it was it should be encrypted. A simple classification label using Classifier would have triggered a Rights Management tool to stop this happening.

“Do you know what is critical in your company? If data classification technology were to be applied in conjunction with say a Data Loss Prevention solution or Rights Management, this sensitive data loss would most likely not happen”, said Martin Sugden.

Boldon James in operates in Brazil through a network of local partners, including Apura, Netconn, and B & A (Brasiliano & Associados). For the Brazilian company considering GDPR and LGPD laws opportunity these local partners can help you deliver a comprehensive solution to meet your regulatory demands.

To contact our Brazil office please click here.