Secure data storage

Data has become one of the most valuable and tradable currencies in the world. It is no surprise, then, that it has also become the favorite target of some scary people. This makes secure data storage more important than ever.

Data that must be stored securely includes:

  1. Personal identification information (PII). Names, dates of birth, social security numbers, addresses, phone numbers, and more.
  2. Financial data like credit card numbers, bank account information, and tax records of your employees, customers, and others.
  3. Health information like medical records, prescription information, insurance details, biometrics, and genetics.
  4. Other sensitive data about people’s race or ethnic origin, religion, education, political affiliations, sexual orientation, criminal history, and trade union or association memberships.
  5. Confidential business information and intellectual property such as patents, trademarks, trade secrets, and financial reports.
  6. Government information such as classified documents and sensitive national security information.
  7. Legal information such as confidential client information and attorney-client privileged communications.

Most of us do not store classified government documents. However, we do accumulate plenty of personal, financial, health, and other sensitive data about our customers and others. For this article, we’ll be focusing on how you should store personal and sensitive data belonging to other people, especially your customers. However, the storage guidelines we’re about to discuss for customer information can be applied to many types of data.

Storing customer data

The first thing you should consider is whether you should collect the data at all. Minimizing the data you collect in the first place is a great way to save time and reduce storage costs and liability. Once you have the data, consider whether you really need to store it. Keep personal data only if necessary for the purpose for which you collected it. Avoid storing unnecessary or sensitive data.

GDPR compliant data storage

Make sure you have the appropriate consent or another legal basis for collecting and storing personal data. Privacy laws also require you to take reasonable “technical and organizational” measures to protect sensitive data. Start protecting the data from the time you request or receive it. Then, you must continue to protect the data for as long as it remains in your storage.

How to store customer data securely

Specific requirements for secure data storage may vary depending on the type of data being stored and the laws and regulations that apply to you. But here are some solid guidelines on how to store customer data securely. Make sure you do these 5 things:

  1. Choose a secure storage method. Store personal data in a secure location, such as an encrypted database, a password-protected file, or a secure cloud storage service.
  2. Keep backups and perform updates. Make regular backups of your data and store them in a secure location to ensure that you can recover the data in case of loss or corruption.
  3. Limit access. Only give access to personal data to those who need it for legitimate business purposes. Keep track of where personal data ends up, who accesses it, when, and for what reason.
  4. Use strong passwords. Educate your team on how to create strong passwords to keep unauthorized persons from getting into their work accounts. Change all your passwords regularly.
  5. Protect your work devices. Prevent theft or damage by keeping your phone and computer in a safe place when you are not using them. Use lock screens and passwords to prevent unauthorized access. Keep physical files behind locked doors.

Finally, audit yourself by checking up on all of the above from time to time. Are your policies still appropriate for the types and amounts of personal data that you store? Does everyone on your team understand and follow your security rules? Check your systems to make sure everything is working properly. Fix any vulnerabilities.

Safe but accessible data

Not everyone on your team needs access to all personal data. However, data should be easily accessible to someone who can check to make sure it is up-to-date. This should be done regularly. Review and update customer data to ensure that it is accurate. You will also need someone to access it quickly to respond to data requests.

Where do you store customer data?

Most companies already have years and years’ worth of personal data scattered around in different storage locations and emails. Where do you store personal data? Use DataMapper to find out where your data is, how old it is, who has access to it, and whether it is safe.

Sebastian Allerelli

Founder & COO at Safe Online
Governance, Risk & Compliance Specialist