Secure personal data | European Data Protection Board

1. unauthorised or accidental access to data - breach of confidentiality (e.g. identity theft following the disclosure of the pay slips of all employees of a company);
2. unauthorised or accidental alteration of data - breach of integrity (e.g. falsely accusing a person of a wrongdoing or crime as a result of the modification of access logs);
3. loss of data or loss of access to data - breach of availability (e.g. failure to detect a drug interaction due to the impossibility of accessing the patient's electronic record).

• hardware (e.g. servers, workstations, laptops, hard drives);
• software (e.g. operating system, business software);
• communication channels (e.g. fiber optics, Wi-Fi, Internet);
• paper documents (e.g. printed documents, copies);
• premises.

• provide an automatic session lockout mechanism when the workstation is not used for a given period of time;
• install firewall software and limit the opening of communication ports to those strictly necessary for the proper functioning of applications installed on the workstation;
• use regularly updated antivirus software and have a policy of regularly updating software;
• configure software to automatically update security whenever possible;
• encourage the storage of user data on a regularly backed-up storage space accessible via the organisation's network rather than on workstations. If data is stored locally, provide users with synchronisation or backup capabilities and train them in their use;
• limit the connection of mobile media (USB sticks, external hard drives, etc.) to the essentials;
• disable autorun from removable media.

• use obsolete operating systems;
• give administrator rights to users who do not have computer security skills.

• prohibit the use of downloaded applications that do not come from secure sources;
• limit the use of applications that require administrator-level rights to run;
• securely erase the data on a workstation before reassigning it to another individual;
• in the event that a workstation is compromised, search for the source and any trace of intrusion into the organisation's information system, in order to detect whether other elements were compromised;
• perform security monitoring of software and hardware used in the organisation's information system;
• update applications when critical vulnerabilities have been identified and fixed;
• install critical operating system updates without delay by scheduling a weekly automatic check;
• disseminate to all users the proper course of action and the list of people to contact in the event of a security incident or unusual event affecting the organisation's information and communication systems.

• install intrusion alarms and check them periodically;
• install smoke detectors and firefighting equipment and inspect them annually;
• protect keys used to access the premises and alarm codes;
• distinguish building areas according to risk (e.g. provide dedicated access control for the computer room);
• maintain a list of individuals or categories of individuals authorised to enter each area;
• establish rules and means for controlling visitor access, at a min imum by having visitors accompanied outside of public areas by a person from the organisation;
• physically protect the computer equipment with specific means (dedicated firefighting system, elevation against possible flooding, redundant power supply and/or air conditioning, etc.).

Under-dimensioning or neglecting the maintenance of the server room environment (air conditioning, UPS, etc.). A breakdown in these installations often results in the shutdown of the machines or the opening of access to the rooms (air circulation), which de facto neutralises the security measures.

• inside restricted areas, require all individuals to wear a visible means of identification (badge);
• visitors (technical support staff, etc.) should have limited access. The date and time of their arrival and departure must be recorded;
• regularly review and update access permissions to secure areas and remove them as necessary.

• define a unique identifier for each user and prohibit accounts shared by several users. In the event that the use of generic or shared identifiers is unavoidable, require internal validation and implement means to track them (logs);
• impose the use of sufficiently strong Password complexity rules (e.g., at least 8 characters, upper case and special characters);
• store passwords securely;
• remove obsolete access permissions;
• carry out a review on a regular basis (e.g. every six months);

What not to do

• create or use accounts shared by several people;
• give administrator rights to users who do not need them;
• grant a user more privileges than necessary;
• forget to remove temporary authorisations granted to a user (e.g. for a replacement);
• forget to delete the user accounts of people who have left the organisation or changed jobs.

• the procedures to be applied systematically on the arrival, departure or change of assignment of a person with access to personal data;
• the consequences for individuals with legitimate access to the data in the event of non-compliance with the security measures;
• measures to restrict and control the allocation and use of access to the processing.

Personal data can be rendered anonymous in such a manner that the individual is not or no longer identifiable. Anonymisation is a process that consists in using a set of techniques to make personal data anonymous in such a way that it becomes impossible to identify the person by any means that are reasonably likely to be used.

Anonymisation, when implemented properly, may enable you to use data in a way that respects the rights and freedoms of individuals. Indeed, anonymisation opens up the potential for the reuse of data that is initially not permitted due to the personal nature of the data, and can thus allow organisations to use data for additional purposes without interfering with the privacy of individuals. Anonymisation also makes it possible to keep data beyond the retention period.

When the anonymisation is implemented properly, the GDPR no longer applies to the anonymised data. However, it is important to keep in min d that the anonymisation of personal data in practice is not always possible or easy to achieve. It has to be assessed whether the anonymisation can been applied to the data at issue and maintained successfully, considering the specific circumstances of the processing of the personal data. Additional legal or technical expertise would often be needed to successfully implement the anonymisation in compliance with the GDPR.

• Issue a telework security policy or at least a set of min imum rules to be respected, and communicate this document to employees according to your internal regulations;
• If you need to change the business rules of your information system to enable teleworking (e.g., change the clearance rules, remote administrator access, etc.), consider the risks involved and, if necessary, take steps to maintain the level of security;
• Equip all your employees' workstations with at least a firewall, anti-virus software and a tool to block access to malicious sites. If the employees can use their own equipment, provide guidance to secure it (see "Security measures for BYOD");
• Set up a VPN to avoid direct exposure of your services to the Internet whenever possible. Enable two-factor VPN authentication if possible;
• Provide your employees with a list of communications and collaboration tools appropriate for remote work, which guarantee the confidentiality of exchanges and shared data. Choose tools that you control and ensure that they provide at least state-of-the-art authentication and encryption of communications and that the data in transit is not reused for other purposes (product improvement, advertising, etc.). Some consumer software can transmit user data to third parties, and is therefore particularly unsuitable for corporate use.