Secure data storage
Data has become a very valuable and tradable currency. It is therefore no surprise that data has become subject to abuse. Safe processing of data has thus become more important than ever before, and part of good data processing is the storage of this data. Most companies accumulate lots of personal, financial, health and other sensitive data about employees, customers and other contacts. This article will focus on how to keep data, including sensitive data about your customers, employees, etc., so that it is protected.
Minimising data
The first thing you should consider is whether you should collect the data at all. Minimising the data you collect in the first place is a great way to save time and reduce storage costs and liability. Once you have the data, consider whether you really need to store it. Keep personal data only if necessary for the purpose for which you collected it. Avoid storing unnecessary or sensitive data.
Start your GDPR cleanup where it is needed the most
Sensitive data tends to accumulate in employees' e-mails. With a GDPR Risk Scan from DataMapper, you get a report that shows any potential GDPR risks in the company's e-mails.
GDPR compliant data storage
GDPR sets specific requirements for data retention, including limitation of the retention period, security requirements and requirements to inform individuals of their rights. Therefore, it is crucial for companies to implement appropriate technical and organisational measures to ensure that their data storage practices comply with the GDPR’s provisions. This includes, among other things, ensuring that data is stored securely, that there is a clear and documented retention policy, and that procedures are in place to accommodate requests for data access, correction and deletion from individuals. In summary, the GDPR’s requirements for data storage revolve around the following:
- Appropriate technical and organisational measures
- A clear and documented storage policy
- Limitation of the storage period
- Procedures for responding to data requests from individuals
How to store data securely
Specific requirements for secure data storage may vary depending on the type of data being stored and the laws and regulations that apply to you. But here are some solid guidelines on how to store data securely. Make sure you do these 5 things:
- Choose a secure storage method. Store personal data in a secure location, such as an encrypted database, a password-protected file, or a secure cloud storage service.
- Keep backups and perform updates. Make regular backups of your data and store them in a secure location to ensure that you can recover the data in case of loss or corruption.
- Limit access. Only give access to personal data to those who need it for legitimate business purposes. Keep track of where personal data ends up, who accesses it, when, and for what reason.
- Use strong passwords. Educate your team on how to create strong passwords to keep unauthorised persons from getting into their work accounts. Change all your passwords regularly.
- Protect your work devices. Prevent theft or damage by keeping your phone and computer in a safe place when you are not using them. Use lock screens and passwords to prevent unauthorised access. Keep physical files behind locked doors.
Finally, audit yourself by checking up on all of the above from time to time. Are your policies still appropriate for the types and amounts of personal data that you store? Does everyone on your team understand and follow your security rules? Check your systems to make sure everything is working properly. Fix any vulnerabilities.
Where do you store data?
For many years, most companies have accumulated personal data and spread it across various computer systems, file folders and e-mails. What is your practice when it comes to data storage? With a Data Discovery tool, like our DataMapper, you can find out where your files, e-mails and pictures with personal information are, how old they are, who has access to them and whether they are secure.
Sebastian Allerelli
Founder & COO at Safe Online
Governance, Risk & Compliance Specialist