24 Solutions recently attended Expo Dataskydd 2017, a day focused on integrity and data privacy– questions that are gaining more and more attention largely due to GDPR. Our CIO Pelle Nilsson was one of the speakers at the fully booked event. He spoke about the important data protection and information security policy, what it is and what it should include.
Documentation and policies are set to increase in importance with the GDPR and Pelle Nilsson provided some practical tips that will make your work a bit easier.
- Don’t reinvent the wheel. Do you already have a policy in place? In many cases some parts of old policies are great, so don’t be afraid to re-use certain parts of old policies when creating your new one.
- Remember that a policy is not set in stone. Don’t be afraid to revise a policy, in fact, they should be updated and kept current.
- Don’t get too caught up in details. Policies should be broad. Focus more on purpose and goals instead of detailed technical processes.
Draftit who develop web tools for, i.e., data protection organized Expo Dataskydd. Visitors received many handy tips to facilitate their adaptation work to GDPR, and were able to attend exciting lectures covering both legal and technical aspects of the regulation.
A number of things were emphasized during the day, including the importance of Privacy by Design and having role-based access to personal data. Privacy by design means built-in integrity. Privacy and integrity issues should govern the entire life cycle when it comes to system development and IT, and be incorporated into the organization. A lot of the speakers also emphasized the value of having role-based access to personal data. Access to personal data should not be determined by hierarchy, but by the role. Apart from deciding what kind of personal data you actually need to process and store, companies also need to decide who will access the data. It is important that companies decide which employees need to access personal data, and keep this list as short as possible.