5 Essential tips for dealing with sensitive data

5 Essential tips for dealing with sensitive data

One of the biggest concerns of all companies is the protection of information. Never before the need to protect data was so evident. A study carried out by Forrester predicts that the global number of used smartphones will exceed 3.5 billion in 2020 and this massive use of mobile devices will boost the existence of computer attacks, compromising in large measure the privacy of each and every one. GDPR is right there and it is essential that companies are prepared to deal with the sensitive data they store and deal with every day. GDPR makes the difference between sensitive and non-sensitive data and it is important for organizations to know how to handle this data. In today’s article, we will explain what sensitive data are and we’ll give you 5 essential tips to deal with this type of information!

What are sensitive data?

Sensitive data are those that possess information that people do not want shared and that can pose a high risk of exposure in social and professional life. Examples of sensitive data are the full name, credit card number, telephone number, and full address.

How to deal with sensitive data?

1. Right to forget: giving people the possibility of their data be erased. With the new legislation, companies are required to allow citizens to request that their data be permanently deleted from their databases.

2. You should use simple, concise and objective language. Citizens when giving you your personal data should understand why you need the data and what kind of treatment it will be subject to. Citizens also have the right to know for how long their data will be stored and who will receive them.

3. Data portability: citizens may require companies to send their personal data in a format that allows them to be sent to another company, facilitating their migration and making it simpler to change service provision. Whenever a citizen changes banks or a television service provider, he or she will not have to provide his / her personal data again, as they can be easily migrated from one company to another.

4. Records and proof of consent: In relation to online customer relations, company systems should expose privacy policies in clear and objective language. Consent to data processing by citizens should be retained to serve as evidence of free and unequivocal consent.

5. ‘Default’ and design privacy: measures should be taken to ensure the protection of data from the design of computer applications, minimizing the processing of personal data, masking of data, encryption, among other things. The goal is to be able to explain the whole treatment process and data protection.