All Response Media

You are here: Home / GDPR / GDPR and security: Processing personal data securely

GDPR and security: Processing personal data securely

by

When looking into GDPR and security, a key principle of the UK GDPR is that you process personal data securely using appropriate technical and organisational measures.

Office workers

What is regarded as appropriate technical measures?

The Information Commissioner’s Office (ICO) outlines some technical measures that an organisation should consider, including physical and computer/IT security. Let’s take a closer look at this below:

Physical security

It is important as a business to consider a few factors:

  • The protection of the building – For example, whether you have the appropriate protection for the building security. As an organisation, it is essential to consider alarms, security lights, and CCTV.
  • CCTV – Consider how the CCTV is disrupted throughout the site and the correct signage.
  • Departmental access control – Staff should only be able to access rooms in the building that are necessary for their work.
  • ID passes – Staff should only access the necessary floors within the building.
  • Visitor’s protocol – Meaning any visitors should be registered upon entry and supervised by the staff member they are in contact with.
  • Disposal of documents – Think about how paper documents are disposed of. For example, are they shredded? Are they removed offsite in confidential waste bags? 

Computer/IT security

The security of your computer/IT systems is also an important factor:

  • System security – What measures have been implemented to protect your security system? What are the processes put in place to ensure data is held securely?
  • Data security – Ensuring appropriate access controls are in place and that data is held securely.
  • The consideration of implementing information security incident planning.
  • Consider the implementation of firewalls, malware scans, and anti-virus protection. 
  • Use tools such as password manager to protect systems. 
  • Consider Encryption and pseudonymisation (replacing information that could be used to identify an individual).

Regional TV: how to test a brand response

Poland: how to polish up your EU expansion

Learn more
Learn more

All Response Media Viewpoint

Poor information security can cause a loss or abuse of personal data. It is important to create security awareness within the organisation to avoid data breaches. Staff should be made aware of what is expected from them by providing them with policies and procedures and ensuring they have up-to-date training that can avoid breaches from occurring.

Contact us if you are interested in using data sources to supercharge your customer acquisition strategies in a GDPR-friendly way across UK and the EU.
Speak to one of our experts

Sources
ICO: Guide to data protection
Keith Budden: GDPR weekly show
GDPR Appropriate Technical and Organisational Measures


Subscribe For More

Newsletter Signup