G Suite's Security Center is vital to ensure GDPR compliance
Incase you missed it, Google recently released a brand-new security center for all its G Suite customers. Despite the name, this isn't a high street store for people to walk into and buy padlocks, bolts and burglar bars. Instead, the security center is a single virtual dashboard which company admins can go to to check their G Suite security status.
Located within the Admin Console, the security center can give an instant snapshot into an organisation's security situation. For example, your administrator(s) can view how many files have been shared with users outside the company, check that the spam filter is performing as it should, see what messages have been encrypted, and study the number of managed devices.
The security center is a very important innovation for companies. In just three months' time, the General Data Protection Regulation comes into effect. Every single registered organisation, (whether for-profit or not-for-profit), will have to abide by it. Among other things, GDPR sets a new, much higher standard for any body which retains, stores or processes an individual's personal data. In plain English, every single organisation should strengthen their measures against data breaches, data loss and data theft.
The penalty for failing to comply (€20,000,000 or 4% of your global annual turnover, whichever is higher), is enough to put many organisations out of operation for good.
G Suite already contains a number of security measures which ensure GDPR compliance. For example:
The Google Device Policy (required for any mobile device in the world which holds sensitive work data) enables a remote wipe should the mobile device be lost or stolen.
Inserting SPF and DKIM authentication are essential to combat spam and the more sophisticated phishing methods which exist today.
Google Vault's capability now extends to Google Drive files as well as Gmail and Hangout messages.
The G Suite Admin Console gives you the chance to transfer ownership of data before deleting a user from the list, so their data stays in the company regardless if they leave.