- List all assets you use to process personal data
- Identify safeguards, vulnerabilities and any likely breaches
- Verify if only authorized access is possible at any point of your job
If your organization has implemented information security standards, there are probably policies, procedures, risk analysis results and at least an IT team that configures and safeguards most electronic devices. In addition to these internal solutions, there are some tips I want you to follow to avoid making mistakes.
First, think of the assets you use to process personal data in your work: locations, equipment, networks, websites, software, digital files and printed documents. Do not forget about staff, as you and your colleagues are also assets who process personal data and can be a source of an incident.
Second, think of any past or possible case where data have been unlawfully or accidentally lost, modified, disclosed or accessed. Think of any cases where data were not available and try to answer why. Go through the present safeguards and check how they could be broken. Report any issues.
Third, apply the need-to-know principle to all assets you control. Make sure only you can view the screen of your devices. Do not leave without locking or signing out, and do not leave documents unattended. Do not leave keys in locks or in another drawer. Remember to secure printouts and use a shredder. Lock documents and your room when you do not use them. Do not share data with too many recipients. Save data in network locations, so even if you lose a device, the data can be retrieved. Make sure to use PINs, passwords and encryption for both drives and network connections. Do not use public Wi-Fi without an encrypted VPN tunnel, and do not send files without securing them first. If you want to use private devices for work or use business devices for private purposes, make sure this has been pre-authorized. Apply special precautions when you work remotely. Protect data as if they were your own.