The risks when processing personal data and who is responsible
In the past especially a company's IT specialists were in charge of information security, and a number of technical measures were sufficient to protect the information system.
But so much has changed, and there are so many new possibilities and applications that information security requires a comprehensive approach. Even though management has to take the initiative, any individual who can influence one or other element of the information system has responsibilities nowadays. This is almost every person who works for the company. It is of the utmost importance that everybody actively participates in safeguarding security, every single day.
Management can do so by drawing up a policy and ensuring that the measures it introduces are actually put into practice; members of staff by acting according to those measures, for example by not disclosing unnecessary information or making sure that the door of a room where confidential information is stored is locked properly, or by not giving a personal access code to somebody else, …
For itself and for its staff, management has to elaborate a code of conduct and make its members of staff aware of it. All members of staff have to realize how important it is that they observe security rules. They have to be fully aware of the consequences of not using information with due care and according to the rules. For everyone in the company, it should become second nature to observe security measures. This is the only way for a security policy to be effective.
- In general
- Theme sections
- Sensitive data
- Information security
- Data quality
- The different rights
- Cross-border transfers