although protecting a company’s confidential information has always been important, even more important since the entry into force of the new General Data Protection Regulation, because it establishes sanctions that could be between 2% and 4% of the company’s entire annual turnover, or from 10 to 20 million euros.
This has led companies to have exercised extreme precautions to protect sensitive information,taking all kinds of preventive measures and creating security policies that avoid risks from the moment the information is created, stored and until it is destroyed.
If you haven’t implemented any security measures yet to protect your company’s confidential and reserved information, here are some ideas.
You are interested in:
The keys to the New General Data Protection
Regulation.
Prevention measures to keep your company’s confidential information protected
> Digitizing information
One of the keys to protect sensitive information is to store it in digital formats,as this will make it much easier for us to protect and keep it safe, we may limit your access and make backups that allow us to continue accessing the information in case of loss.
Digitizing information will also help save space in the company’s physical files,taking away from classic images of rooms full of shelves and filing cabinets in which all the information is stored, since all that documentation can be stored on a small computer.
> Protecting information
Digitizing the information is the first step, but not the only one, since it is necessary to protect the informationwith security keys that are difficult to decrypt, in order to be a guarantee that only those enabled users who know the keys and are authorized to do so access this information.
It is important that only those employees who need the information have the keys,to avoid risks and keep greater control.
Also, in order to prevent risks, it is highly advisable to change the accesskeys from time to time, as this will make it much more difficult for those who want to access it fraudulently.
You are interested in:
> Backups
Backing up is essential to keep sensitive information safe,because in case of any type of computer attack or the device on which the information is stored, we may continue to access it.
Once done, you have to make sure that the backup works properly and you can restore it. It is also recommended that the backup be in a location away from the original data source and properly protected with passwords or access keys.
> Keep antiviruses up to date
On the other hand, having a good antivirus and keeping it constantly updated is essential,especially at a time when hackers are increasingly designing increasingly complex and harmful cyberattacks for businesses.
> Appoint a Data Protection Officer
With the entry into force of the GDPR, the figure of the Data Protection Officer (DPO) takes on a great deal of prominence within companies, as a figure that guarantees the correct compliance with the GDPR itself.
The DPO will be responsible for knowing the risks and measures necessary to protect company information and ensure compliance. In any case, the DPO merely advises the company in relation to the protection of confidential data,and in no case will it make decisions.
You are interested in:
Practical tips for the destruction of confidential documents under the new Data Protection
Regulation.
> Destroy sensitive information
Where it is no longer useful and the minimum required 4 years have passed in which the information must be stored and available for possible inspection, as established by the GDPR; it is very important to proceed with the complete destruction of confidential documents.
Many companies store large amounts of documents that, while useless, include sensitive company information that could be very damaging if it fell into the wrong hands.
To avoid this risk, it would be best to destroy confidential documents so that the information they contain is completely unrecoverable.
For this there are different methods, the most effective being the shredding of documents. A good option to ensure that information cannot be re-accessed is to contract the services of external companies specializing in the destruction of documents that include certifications of their correct destruction.
conclusion
Here are some of the main measures you should take in your business to protect sensitive information, prevent potential leaks, and ensure GDPR compliance, otherwise you could face sanctions with very large amounts.
