Appropriate Security

Context:

One of the key ways that personal data can be protected and which is outlined within the GDPR is security measures. What the GDPR is not clear on is which specific measures should be implemented.

Considerations:

The measures you implement will depend on your organisational needs and appetite for risk. It will also depend on those systems and processes that you have in place.

This is an area where it would be wise to seek expert advice from IT and Legal specialists, either in-house or from external providers. The Gydeline software can help guide which specific actions to ask those providers to undertake.

How to:

Implement at least those security measures mandated within the GDPR:

  • Encrypt all personal information
  • Pseudonymise personal information
  • Set expiration dates on personal data
  • Implement data protection policies
  • Minimise data collection and processing

There are additional measures described within the GDPR that organisations would be advised to implement when working towards a fully compliant position:

  • Data backup/recovery and availability
  • Classification of data
  • Performance of vulnerability and impact assessments
  • Maintenance of processing and consent records
  • The ability for humans to intervene in processing

This list is not comprehensive, but working through the Gydeline system will cover all the areas.

An additional way of demonstrating that appropriate security has been implemented is to attain a security certification. Achieving Cyber Essentials or ISO 27001 is a very good way of showing that you have most of the security bases covered.

References:

  • GDPR Recitals: 29, 39, 49, 71, 78, 83, 156
  • GDPR Articles: 5

How Gydeline helps

We, at Gydeline, help small and medium-sized organisations save money and time by building systems, processes and policies that simplify their business and support their sustainability aims. We do this with a range of services.

If you would like to discuss any aspects of dealing with this and other risks in your business, we are always happy to offer some free, no-obligation assistance – just contact us.
