![mus2 indir mus2 indir](http://2.bp.blogspot.com/-I42dVMzmEQk/TsVwb0kXW_I/AAAAAAAAASA/OU_hVvMbX-Y/s300/imag_mus_200.jpg)
So make sure everyone with the key to the cupboard containing personal data is documented, along with why they need access to that cupboard.Īt this point, you know what you have, where it is and who can get at it. Remember, these principles also apply to physical data as well as logical data. When you put the costs of such solutions against the salaries of man hours, it very quickly becomes an attractive proposition with additional benefits such as audit trail, various reporting in an instant and scaleability. Access management technology is readily available to help you accomplish these vital tasks. You’d be surprised at rights that have built up over time, as you move from role to role within the company, are your new rights replacing your old ones or simply added to.Īgain, using people to do this is going to be challenging. We all know our employee’s salary is sensitive information and should only be available to the concerned individual, but would we necessarily apply the same controls to the birthdate of our contact at our favourite supplier, currently available to all in the CRM? Go through your HR CMS and document who has access to what data, why they have it, when it was granted and any review date of that access. You need to be able to demonstrate restricted access, justifiable access and control over that access. Now you have your database of data you can begin to address one of the core principles of the regulation – access control. Once you have compiled your data inventory, make sure you classify it appropriately and give it a risk profile. It’s unlikely that your staff will be able to complete this task alone, so look at automation tools that can find both structured and unstructured data and help catalogue it. Don’t forget, this doesn’t just apply to your customer data but also to that of your suppliers, vendors and employees.ĭon’t underestimate this task, it will likely take some time. Think about your production servers, your backup servers, your archive servers, cloud based services and storage. Control of this data very quickly becomes cumbersome and unmanageable which leads to not knowing what you have and, sometimes, why you have it. So, firstly, what data do you have and where is it stored? Do you know? That may seem like a silly question, but we’re in an era where we collect more data than ever before, faster than we’ve ever done. It will impact every department in your company. Your organisation should look at GDPR compliance holistically across your entire business. You need to start preparing for GDPR compliance and you need to start right now! Let’s start with the most important GDPR statement you will read today. Now I’m going to delve into some of the finer detail. In my last GDPR blog, I gave you an overall summary of the 2018 regulation.
![mus2 indir mus2 indir](https://mus2.com.tr/wp-content/uploads/2021/01/donanima-ariza-yazmak.jpg)
Guest blogger Richard Hancock continues his series on GDPR preparation.