Data protection is an overarching term for mitigating failures of protection (confidentiality), accuracy (integrity) and access (availability) that can affect data subjects and, ultimately, your business. Compliance concerns the governance of the GDPR and the non-technical measures to adopt and adapt.
Risk assessments enable decision-makers to consider everything, including contractors leaving with passwords and insider knowledge, and can lead to changes in technology, anonymisation of databases, deletion of old, unnecessary records, role-based access to customer data and so on.
But what about technical support and access to customer data, particularly when required on a large scale? What measures are available to manage, minimise and control this?
Technology has a major role, not least in monitoring for and detecting a breach, but where to begin?
Look at areas such as increased encryption across all programs, apps, etc.; added passwords and role-based access; alerts when people try to access data that they are not authorised to access; and internal notifications for subject access requests (SARs) via the website.
However, people, processes and systems are bound to change, so it is important to adopt good systems and solutions that are capable of adapting. The system should be capable of policy and procedure creation and of integration with a subject access request, breach notification, archiving and retention system.
Contact our Data Protection and GDPR Solicitors in Liverpool, Wirral, Merseyside and across England & Wales