Keeping data safe

Chapter 11 concentrates on keeping the data the organisation holds safe. GDPR places an obligation on organisations to protect the information that they hold about individuals. This means that they should have an appropriate information security framework. Any “data” that is held should be protected in case of a breach, cyber attack or unauthorised access. Security was already one of the Data Controller’s responsibilities under previous legislation but with GDPR it has become a legal requirement. The chapter discusses the risks posed to data and then discusses security measures that can be put in place to protect that data (both physical and cybersecurity measures are discussed. There is a useful table of data security terms at the end of the chapter and advice on how to be cyber safe.