GDPR sounds like a bogeyman for large corporations, but in reality it concerns every company that works with personal data, including a small one. We will not go into legal paragraphs here; that is for a specialist. We will look at the technical and security side that a company can actually influence and that we will help you manage.

What personal data actually is

Personal data is anything by which a specific person can be identified: name, email, phone, address, IP address, a photo, but also camera footage. If, as a company, you hold such data about customers or employees (and almost every company does), GDPR concerns you.

The IT side of GDPR, in simple terms

In practice, a large part of GDPR is about keeping data under control and secure:

  • Securing the data. A leak or encryption of data by ransomware is a security incident from a GDPR point of view. Updates, backups and security principles help.
  • Access only for those who need it. Not everyone should see everything, and when an employee leaves their access must be revoked.
  • Cameras by the rules. Marking the area, a justified purpose and a limited retention period; more in the article on camera systems.
  • Deletion and retention. Being able to delete data on request, while keeping what the law requires.
  • Service providers. The cloud, email or accounting system process your data for you, so choose trustworthy ones.

What a small company should practically do

  • have an overview of what personal data it holds and why,
  • secure the systems (updates, antivirus, strong passwords and 2FA),
  • manage access and revoke it when people leave,
  • back up and be able to restore data in case of an incident,
  • report a more serious data leak within the set deadline.

This is the technical and security part that we can set up for you. Consult the legal aspects (directives, consents, contracts) with a GDPR specialist; the two go hand in hand.

Want the IT side of data protection properly handled? Get in touch and we will help secure the systems, access and backups so that you are prepared.