Consider your data security
You’ll need to take a risk-based approach when considering the appropriate level of security for the personal data you process, including its use, storage and transfer. It’s not about the number of individual subjects, or the amount of data. It’s more about how the data is used, day to day, and the sensitivity of the data you process. You wouldn’t intentionally misuse personal data, but poor controls may lead to a breach of the rules.
What to consider:
How data is processed, stored and transferred and where the biggest risks exist
Do your staff understand how to avoid data loss? This is commonly caused by human mistakes
Are your data security methods sufficiently robust and up to date, especially online?
Consider the costs of your security – you may need to invest more than you think.
Here are some suggestions of how to limit data loss:
Upgrading your physical security
Bringing your firewalls up to date
Encrypting data and having a policy on this
Ensuring you have adequate support to remotely remove, access or recover data
Regularly testing your security and possibly having an independent assessment
Security is rarely foolproof, but you may need to demonstrate to the regulator (ICO) that you’ve taken all reasonable steps based on the level of risk.