DATA PRIVACY MATTERSNumber One Data Privacy Blog
Most modern CRM programmes can be tailored to suit your individual company needs, so provision should be built within your system to allow for input from customer-facing staff, especially while trying out a new service being offered, or when a new product is being launched to customers
What the ICO doesn’t provide is a plan for dealing with a data breach. If you don’t have one, then you should start to make one now. The last thing that you want to be doing when you are dealing with the reputational fallout that accompanies a data breach is working out the practical steps that you need to take
Account management policies are broader in scope than password policies. They cover topics such as account-user access and levels of access, the principle of least privilege for new account creation (only giving access to minimum and required resources
When you read about big GDPR fines in headlines, you may have noticed they’re typically issued to entities that either have vast resources at their disposal or a particular moral duty to protect sensitive data
Under the GDPR, the principle of accountability becomes more important. Your organisation is not only required to adhere to the principles set out in the GDPR, but must also demonstrate compliance.
As for the processing of sensitive personal data, the treatment can only occur when the data subject or her or his legal representative consents specifically and in highlight, for specific purposes