How to treat sensitive personal data?


Companies are now more aware of the need to protect the personal data of the customers and vendors they work with. On top of today's increased risk of computer attacks, new data protection laws have added to the need to protect sensitive data. The GDPR has been in force since May in the European Union, and Brazil is preparing to receive a new data protection law very similar to the European legislation (the Brazilian law is known as LGPD). Increasingly, companies need to treat personal data correctly, to avoid seeing their information exposed and, above all, to escape the large fines that the regulation applies to violators. In today's article, we leave you important tips for dealing with sensitive personal data!

Store data in the cloud (and make backups!)

Storing data in the Cloud is one of the best precautions a business can take, in terms of both efficiency and security. Although there is still some concern about this new technology, storing files in the Cloud is extremely secure, and the latest studies prove just that. It is also advisable to keep company backups in the Cloud, as this form of backup offers several benefits over more traditional forms: increased portability, lower installation and maintenance costs, and a higher level of security.

Appoint a Data Protection Officer (DPO)

The DPO is a new role created by the new data protection regulation; however, it is not a mandatory requirement for all organizations. The company needs to check whether it is required to appoint a Data Protection Officer. Where one is required, this professional is responsible for the obligations contained in the GDPR.

The new regulation requires that a DPO be designated if one of these cases occurs:

  • The processing of data is carried out by a public entity (except courts that act in their judicial capacity);
  • The core activities of the company consist of regular and systematic monitoring of personal data of subjects on a large scale;
  • The core activities of the company are the large-scale processing of data related to criminal activity/complaints/offenses/etc provided for in articles 9 and 10.

However, even in cases where it is not mandatory, it is advised that the company appoint a person responsible for the processing and security of the data, as this would give more control over the information.

Use a VPN for out-of-office connections

A virtual private network (VPN) is a type of private connection that uses a public network to access your company data. It encrypts the connection, which prevents data interception and IP tracing. This is the safest way to access corporate data over public networks such as those in hotels and airports.

A VPN service allows you to connect to any Internet network and, at the same time, to a server of the VPN provider you are using. Instead of using your own IP, this connection will use an IP that belongs to the VPN provider, giving greater security to your navigation. Your Internet connection is encrypted between the device you are using and the server to which you are connected. This hidden IP address allows you to access the Internet in complete privacy and prevents your navigation from being tracked or monitored.

Consider the following analogy: you are driving a car on a highway while an airplane follows your entire route. On this plane, cybercriminals watch everything you do along the way. After some time on the freeway with the plane above, your car enters a tunnel, and there is no way for the cybercriminals on the plane to spy on you. The same is true for a VPN. Once you connect through this route, there is no one able to see which sites you visit and what operations you perform online.

Automation of tasks

Many tasks in information technology are quite repetitive, which demotivates staff and increases the probability of mistakes on their part. Automating processes is a way to reduce IT costs, as it is no longer necessary to assign an employee exclusively to monotonous tasks. Automation reduces the time that tasks take to execute and decreases the probability of human error. This is one of the most effective security precautions you can implement.

Data masking

The main purpose of data masking is to protect confidential data against unauthorized access. In practice, data masking tools create a version that is structurally similar to the original data but does not reveal the true information. The original format remains unchanged, but the data presented is fictitious. Masked data can be used in test and auditing environments without compromising the result of the analysis, while always ensuring the confidentiality of sensitive information.

At a time when it is increasingly important to protect sensitive information, the use of data masking has increased significantly. The main reason, and the one that should be your focus as a manager, is the enhanced security of the data. With data masking you can use sensitive data in test environments and ensure that confidential information remains undisclosed. This masked information may be used for marketing and auditing purposes, as well as for analyses of consumer behavior and market trends. Even if the data is exposed, anyone reading it will not be reading the true version of the information. Thus, data masking solutions like Datapeers will be increasingly needed in business, as they allow you to "hide" the true information.
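To make the idea of "same structure, fictitious content" concrete, here is an added example (not part of the original article and not Datapeers code) of deterministic, format-preserving masking in Python. The key, field names and sample rows are constructed assumptions; the technique shown is a keyed HMAC-SHA256 stream that replaces each letter and digit while leaving separators in place.

```python
import hashlib
import hmac
import string

# Constructed demo key (assumption). A real masking key is a secret that
# stays outside the test environment.
MASKING_KEY = b"constructed-demo-key"

def _stream(key, field, value):
    """Endless pseudo-random bytes derived from HMAC-SHA256(key, field, value)."""
    counter = 0
    while True:
        msg = f"{field}\x00{value}\x00{counter}".encode()
        yield from hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1

def mask_value(value, field, key=MASKING_KEY):
    """Swap each letter or digit for a fictitious one of the same class.

    Separators are kept, so length and layout survive. The mapping is
    deterministic, so one value masks identically in every table.
    """
    stream, out = _stream(key, field, value), []
    for ch in value:
        if ch.isdigit():
            out.append(string.digits[next(stream) % 10])
        elif ch.isalpha():
            pool = string.ascii_uppercase if ch.isupper() else string.ascii_lowercase
            out.append(pool[next(stream) % 26])
        else:
            out.append(ch)
    return "".join(out)

def mask_record(record, sensitive):
    """Mask only the listed fields; every other field is copied unchanged."""
    return {k: mask_value(v, k) if k in sensitive else v for k, v in record.items()}

def shape(value):
    """Structural pattern of a value: 9 = digit, A/a = letter, rest literal."""
    return "".join(
        "9" if c.isdigit() else (("A" if c.isupper() else "a") if c.isalpha() else c)
        for c in value)

# Constructed sample rows (not real people).
CUSTOMER = {"id": "1001", "name": "Maria Silva",
            "email": "maria.silva@example.com", "tax_id": "123.456.789-09"}
ORDER = {"order": "A-77", "tax_id": "123.456.789-09", "total": "59.90"}
SENSITIVE = {"name", "email", "tax_id"}

print(mask_record(CUSTOMER, SENSITIVE), mask_record(ORDER, SENSITIVE))
```

Because the same tax_id masks to the same value in both rows, joins between masked tables still work in a test environment. The mapping is not guaranteed to be collision-free, so columns with a uniqueness constraint should be checked after masking.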

Many new terms have emerged with the new GDPR, and there is still some lack of awareness of the changes that the GDPR brings with it. We have prepared a Glossary with all the terms you need to know to receive the new regulation accordingly!

Download our Glossary here!

About the author

Marketing administrator