What is data confidentiality?
Data confidentiality is a central concept in the GDPR and includes the protection of personal information against unauthorised access, alteration, disclosure, misuse or destruction. It also includes the requirement to disclose how personal information is handled and used. This blog will focus on the confidentiality of personal data.
Definition of data confidentiality in the GDPR
The General Data Protection Regulation (GDPR) is an EU privacy and personal data protection law that entered into force on 25 May 2018. The purpose of the GDPR is to ensure that European citizens have control over their personal data and to ensure a uniform protection of privacy in the EU.
Companies and organisations that process personal information about European citizens are covered by the GDPR, regardless of whether they are located within the EU or not. They must follow strict rules for the protection of personal information, including duty to provide information, consent, rights of the data subject and security procedures. The purpose of the rules is to ensure data confidentiality.
Thus, GDPR is an important provision for the protection of privacy and personal information, giving citizens control over their data and ensuring that companies and organisations handle personal information in a responsible and secure manner.
Data confidentiality and your company
The GDPR does not specify exactly what security measures you should take. That’s because technological and procedural best practices change constantly. Right now, encryption and/or pseudonymisation anonymisation of personal data are technical measures you can use to protect confidentiality.
Policies about who can access what, and training that includes how to protect passwords, work devices and emails are among the organisational measures you can take.
Start your privacy cleanup with the big picture
A GDPR Risk report gives you a complete overview of the privacy risk in your company. The report is based on a scan with DataMapper.
Data confidentiality checklist
Here are a few things you can do right now to ensure data confidentiality:
1. Decide who should have access to personal data
Not everyone in your company needs access to everyone else’s personal information. Control access to customers, employees, and partners’ personal information, and especially their sensitive personal information. The fewer people have access to data, the lower the risk of a data breach.
2. Use encryption and passwords
Encryption uses algorithms to make data unreadable at rest or in transit. Strong passwords protect data from unauthorised access. Redacting or changing names and personal details
3. Pseudymise data
Pseudonymisation means processing personal data in such a way that this data can no longer be attributed to a specific individual, without the use of additional information. Pseudymised data still counts as personal data under the GDPR, but pseudonymisation does provide a measure of protection and is considered a suitable safeguard in some cases.
4. Anonymise or delete data you no longer use
Anonymised personal data can no longer be connected to an identified or identifiable individual in any way. It is no longer considered personal data. You should delete or anonymise personal data when there is no (more) lawful purpose to keep it in a way that enables identification of an individual.
5. Establish a confidentiality policy
Set up a confidentiality policy. A list of instructions on how employees should handle confidential data to ensure its protection. Make sure everyone understands what to do with personal data. This will save time and reduce the risk of common errors that could cause data breaches. Your data confidentiality policy will be for internal use, but it should be consistent with your public privacy policy. It should include:
- What types of data you will accept/collect from people
- How you can use it
- Who you can share it with
- How you will protect it
- How long you can keep it, and so on.
Get our Newsletter!
In our newsletter you get tips and tricks for dealing with privacy management from our founder Sebastian Allerelli.
When you sign up for our newsletter you get a license for one user to ShareSimple, which will give you a secure email in Outlook. This special offer is for new customers only, with a limit of one freebie per company.
Data confidentiality software
Data confidentiality software can help you find out who has access to what data, protect data at rest and in transit, improve your policies, and more. In Safe Online, we create tools to protect the confidentiality of data and process personal information. Our solutions are:
DataMapper – Find your sensitive data
ShareSimple – Send and receive data securely in Outlook
RequestManager – Process data subject requests easily
Sebastian Allerelli
Founder & COO at Safe Online
Governance, Risk & Compliance Specialist
Follow me on LinkedIn to get tips on GDPR →
