Search
Close this search box.
AI-based solution designed to automate personal data discovery and classification
Discover personal data across multiple systems in the cloud or on-premise
Harbor cooperation between DPO, Legal Services, IT and Marketing
Turn data subject request into an automated workflow with a clear insight into data every step of the way
Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation
Guide your partners trough vendor management process workflow
Identifying the risk from the point of view of Data Subject
Quickly respond, mitigate damage and maintain compliance
Consolidate your data and prioritize your relationship with customers
Privacy portal allows customers to communicate their requests and preferences at any time
Introducing end-to end automation of personal data removal

Latest Blog posts

Learn the terms

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

Best Online Privacy Practices for Small Business

Data protection is essential for all businesses, but it’s especially important for small enterprises. Larger corporations have wide client networks and considerable resources, making it easier to recover from any unfortunate breaches.

For a small business, the fallout can be catastrophic and may even cause operations to close. The damage can cause immediate loss of revenue and a tarnished reputation that can affect your earnings for years to come.

The best course of action is to ensure adequate privacy so that you never have to deal with the consequences of a breach. This applies to both company and customer information, defined as business and client data, respectively.

While it’s true that every organization will place a greater or lesser priority on the following practices depending on their scope of operations, all six of the points below are important.

They should be noted by all small business owners and managers. Taking these issues seriously now can save plenty of time and money in the future:

  1. Ensure Password Security
  2. Use a Virtual Private Network and Secure Sockets Layer Encryption
  3. Encrypt Data on Devices
  4. Make Two-Factor Authentication Mandatory
  5. Enforce the Creation of System Audit Logs
  6. Write and Publicize a Clear Privacy Policy

We’ve unpacked each of these principles in more detail for you.

1. Ensure Password Security

Strong passwords are the first line of defense regarding data protection. Each password should contain letters, numbers, and symbols, and be a minimum of eight letters long.

ake these requirements, along with regular resets, mandatory for all employees. Password managers, which create, store, and retrieve hack-resistant passwords, are also strongly recommended.

2. Use a VPN and Secure Socket Layer Encryption

The best definition of a Virtual Private Network (VPN) is a closed network superimposed over a public virtual network – almost always the Internet.

Think of the VPN as a channel that runs through the World Wide Web. Only those with access to the VPN can see the files that it contains. Employees around the globe can access information as securely as if they were all on a local intranet.

That makes VPNs especially essential if your staff members often travel for work and during crises such as the recent worldwide novel coronavirus pandemic.

Secure Sockets Layer encryption is usually known by its acronym, SSL. When this is in place, all communications that leave your website are encrypted and can only be decoded with a private key held by the software at their intended destination.

Your website should use the HTTPS protocol and should have an SSL certificate to ensure proper encryption. Some people might question whether they need SSL encryptions if they are already on a VPN, but the answer is a resounding yes. This way, if one system is compromised, the effects won’t be too serious.

3. Encrypt Data on Devices

Encrypting sensitive data on employees’ devices takes the redundancy in your privacy protection policy a step further.

Small businesses often utilize BYOD (Bring Your Own Device) policies and staffers might keep personal and work information on the same laptop, tablet or smartphone. That makes this kind of encryption especially important for smaller enterprises.

Activating data encryption on any machine is quite simple, although the specific steps depend on the make, model, and operating system that you’re using. You’ll be able to find and carry out the instructions within a matter of moments.

4. Make Two-Factor Authentication Mandatory

No single data protection method is infallible, so you should also make Two-Factor Authentication (2FA) mandatory within your company. Since it requires a little time and effort to set up, 2FA is often ignored unless employers make it obligatory. Essentially, a 2FA system works like a lock and an alarm system on a building do.

The individual trying to access files that are 2FA protected has to provide two proofs of identification instead of one. While unauthorized individuals might be able to get hold of one proof, it’s highly unlikely they’ll be able to access both.

We suggest instituting 2FA onto customer-facing sites and within your organization. This will ensure that your company doesn’t inadvertently share client data with hackers and that internal information transfers aren’t intercepted. Any of the 2FA apps that are currently available should allow you to set this up effectively.

5. Enforce the Creation of System Audit Logs

Login data must be carefully recorded and tracked, and the easiest way to do this is with audit logs. All systems within your organization should create these logs, so that if any security breaches do occur, they can be properly investigated and dealt with. The information could also prove invaluable in showing liability.

6. Write and Publicize a Clear Privacy Policy

Your company’s privacy policy explains how your business will collect, store, use, and share your client data. All data protection regulations stipulate that this policy should be easily accessible and understandable and should be kept up to date.

That means the document should be written in simple language, explaining how updates will be announced.

If you are engaging with your visitors, you will also need to ask them for their consent for any action you might have over their data, like sending marketing campaigns or newsletters.

5 Tips for Easy-to-Understand Website Privacy Policy Writing

Data Protection Must Be a Priority

Your data protection practices must be strict, effective and completely transparent. Today’s consumers are sophisticated, and likely to mistrust a site that is bogged down in legalese or bureaucracy. No matter how busy you are with other operations, make sure you take the time to put proper procedures in place.

Bear in mind that securing your systems and your data is just half of your obligations towards your customers. You are also obligated to properly handle, process, store, and use personal information and respect the rights granted to them under the privacy regulations.

Data is a precious commodity – so treat it that way. These guidelines are the best practices for maintaining online privacy in small businesses.

Request a Data Privacy Manager demo

Let us navigate you through the Data Privacy Manager solution and showcase functionalities that will help you overcome your compliance challenges.

Scroll to Top