Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
A framework for data security
Plan for data breach and have a policy and procedure
Notification of breaches will be compulsory!
Notification to the ICO unless unlikely to result in a risk to the rights and freedoms of individuals
Notification to the individual where there is a high risk to their rights and freedoms, e.g. discrimination, identity theft or fraud
Must be notified to the ICO within 72 hours (not business hours)
Identify type of data
Cause of breach
Remedial action
Security framework designed to provide
The pseudonymisation and encryption of personal data;
The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Data Security – basic steps – company housekeeping
CONFIRM AND REVIEW POLICIES ON
Passwords
Two-factor authentication
Up-to-date antivirus software
Malware and email awareness training
Restricted personal use of company machines
Data architecture
Encrypt data on PC
Secure backup of data
Within the information you hold, where does paper fit into your GDPR controls?
Personally identifiable information location
Access controls
Usage controls
Digital storage and architecture
Lawful retention
Individual document identifiers
Printing control
Breach policy
In considering the information you hold: reducing paper breaches
Data Privacy Impact Assessment of paper which holds PII
DPIA is required where the processing is “likely to result in a high risk to rights and freedoms” of individuals