What to do if your company has a personal data breach?

As you probably know, personal data processed in your company must be properly secured.

Both data stored online and data stored offline (i.e. in paper form) must be secured.

This security should be effective both to prevent uncontrolled loss of data and to prevent unauthorised persons from gaining access to it.

Common safeguards for personal data stored on paper may include:

Safes and cabinets: This is a basic security measure that provides physical protection against unauthorised access.

Mechanical and electronic locks: These are different types of locks that can be used on cabinets, desks or on the records themselves to limit access to personal information.

Marking and segregation: Documents can be marked and segregated in such a way as to easily identify the type of data and the level of confidentiality.

Access Control: May include granting exclusive access to documents to authorized persons only, and monitoring and recording who has physical access to stored data and when.

Surveillance Systems: Video monitoring, alarms and motion sensors can be used to identify and notify staff of unauthorized document access attempts.

Storage in locked and secured rooms: Documents should be stored in secure rooms that are locked and access controlled.

Document destruction: Once the specified storage period has expired, documents should be destroyed in a safe and irreversible manner, e.g. by passing them through a document shredder.

Popular safeguards for personal data stored online:

Data encryption: This is the process of transforming data in a way that makes it difficult for unauthorized persons to read. Encrypted data is safe even in the event of interception or unauthorized access.

Passwords and two-factor authentication: Using strong passwords and two-factor authentication (e.g. a code sent to a mobile phone) further protects personal data from unauthorized access.

Firewall: This is software or hardware that controls network traffic and protects against unauthorized access to personal information.

Intrusion Detection Systems (IDS): IDS monitors the network in real time and detects unauthorized access attempts, generating alerts when suspicious activity occurs.

Antivirus software: Antivirus scanning helps detect and protect against malware that may be used to steal personal information.

Password Manager: A password manager is a tool that helps you manage and store your passwords securely, eliminating the need to use easy-to-guess passwords.

Employee training: Data security also depends on appropriate training, so that employees pay attention to risks related to the confidentiality of personal data and are aware of the latest security practices.

Data leak prevention (DLP) software: This is a set of tools and technologies used to prevent data leaks from within an organization. The main goal of DLP is to monitor, control and protect data so that it does not leave the system without authorization.

Remember to authorize employees who have access to personal data in your company and to keep a register of these authorizations!

More about DLP

DLP software uses various methods and techniques such as content analysis, filtering, classification and categorisation of data to identify sensitive data and monitor its flow. A DLP system can run on various infrastructure layers, such as network, endpoints, servers and applications.

Basic DLP software features include:

Detection and monitoring: The software analyzes the content and context of data such as emails, documents, files or transactions to identify sensitive information. It can also monitor user activities, such as copying, printing or sending data.

Access Control: DLP software prevents unauthorized access to data and limits user permissions based on their role and responsibility within the organization.

Securing data in motion: DLP can monitor the network to detect and block sensitive data, such as passwords or customer information, from being transmitted outside the organization.

Reporting and audit: DLP software records information about detected incidents, generates reports and allows for the audit of data-related events. This allows organizations to track and analyze data security events.
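The detection, data-in-motion and audit features described above can be illustrated with a short Python sketch. This is an added example, not code from any DLP product: the patterns are simplified, and the function names, the `example.org` internal domain and the sample message are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Simplified, constructed detection rules; real DLP policies need tuned and tested patterns.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
NINO_RE = re.compile(r"\b[A-CEGHJ-PR-TW-Z][A-CEGHJ-NPR-TW-Z] ?\d{2} ?\d{2} ?\d{2} ?[A-D]\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out long digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(value: str, keep: int) -> str:
    """Keep only the last `keep` characters so the audit log holds no raw data."""
    return "*" * (len(value) - keep) + value[-keep:]

def scan(text: str) -> list:
    """Content analysis: return classified findings with masked values."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append({"type": "payment_card", "masked": mask(digits, 4)})
    for m in NINO_RE.finditer(text.upper()):
        compact = m.group().replace(" ", "")
        findings.append({"type": "national_insurance_number", "masked": mask(compact, 1)})
    return findings

def evaluate_outbound(sender, recipient, body, internal_domain="example.org"):
    """Data-in-motion decision plus the audit record a DLP report is built from."""
    findings = scan(body)
    external = not recipient.lower().endswith("@" + internal_domain)
    return {
        "time": datetime.now(timezone.utc).isoformat(),
        "sender": sender,
        "recipient": recipient,
        "action": "block" if findings and external else "allow",
        "findings": findings,
    }

if __name__ == "__main__":
    # Constructed sample message; 4111 1111 1111 1111 is a well-known test card number.
    print(evaluate_outbound("alice@example.org", "bob@partner.test",
                            "Card 4111 1111 1111 1111, NI no. AB 12 34 56 C"))
```

The Luhn check keeps order references and other long digit runs from being flagged as cards, and the audit record stores masked values only, so the DLP log does not become a second copy of the personal data.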

DLP is especially important for organizations that store and process large amounts of sensitive data. It helps prevent data theft, information loss and non-compliance with legal regulations, and it minimizes the reputational and financial risks related to data leaks.

Data Leak Prevention (DLP) software costs for small businesses in the UK can vary significantly depending on the provider and type of service. Prices are usually adjusted to the individual needs of the client and the number of licenses. However, as a rough guide, the cheapest options can start at around £500-1000 per year.

If you are the owner of a website or a mobile application and want to create a Privacy Policy that will comply with the law – our website: “Online Business” may be useful.

If you are the owner of a website or mobile application and you are not sure whether the Privacy Policy published by you is lawful – our service: “UK GDPR Consultation” may be useful.
