These rules describe how and where data should be safely stored. Questions about storing data safely can be directed by the IT manager or data controller.
When data is stored electronically, it must be protected from unauthorized access, accidental deletion and malicious hacking attempts.
Data should be protected by strong passwords that are changed regularly and never shared between employees.
Servers containing personal data are sited in a secure location (Data center), away from general office space.
Data is backed up frequently with a software which has encryptions. Those backups should be tested regularly, in line with the company’s standard backup procedures.
Data are never being saved directly to laptops or other mobile devices like tablets or smart phones.
All servers and computers containing data should be protected by approved security updates, Antivirus software and a firewall.
Personal E-mail’s and USB data transfer are blocked with the policies through Firewall, ADS Server and Antivirus Applications.
Everyone who works for or with company has some responsibility for ensuring data is collected, stored, and handled appropriately. Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.
The CTO / IT MANAGER IS RESPONSIBLE FOR:
Reviewing all data protection procedures and related policies, in line with an agreed schedule.
Arranging data protection training and advice for the people covered by this policy.
Handling data protection questions from staff and anyone else covered by this policy.
Checking and approving any contracts or agreement with third party/parties that may handle company’s sensitive data.
Ensuring all system, services and equipment used for storing data meet acceptable security standards.
Performing regular checks and scans to ensure security hardware and software is functioning properly.
Evaluating any third-party services, the company is considering using to store or process data.