26 July 2018
Data protection is an umbrella term for mitigating failures in protection (confidentiality), accuracy (integrity) and access (availability) that can affect data subjects and, ultimately, your business. Compliance is about the governance of the GDPR, and the non-technical measures to adopt and adapt.
Risk assessments enable decision-makers to consider risks such as contractors leaving with passwords and insider knowledge, and lead to changes in technology, anonymisation of databases, deletion of old, unnecessary records, role-based access to customer data and so on.
But what about technical support and access to customer data, particularly when required on a large scale? What measures are available to manage, minimise and control this?
Technology has a major role, not least of all in terms of monitoring and detecting a breach, but where to begin?
Look at areas such as increased encryption across all programs, apps, etc.; added passwords and role-based access; alerts when people try to access data that they don't have access to; and internal notifications for SARs set up via the website.
However, people, processes and systems are bound to change, so it is important to adopt good systems and solutions which are capable of adapting. The system should be capable of policy and procedure creation, and of integration with SAR, breach notification, archiving and retention systems.
To find out how our friendly and knowledgeable solicitors can help you, contact us today.