The GDPR and other regulations require that we be careful in how we handle sensitive data. One of the easiest ways to avoid a data breach incident, and any accompanying fine, is to limit the sensitive data your organization collects and then restrict the exposure of that data within your organization. Many high-profile incidents in the last few years have been caused by sensitive data leaking out of database copies held on test and development servers, which are typically less well protected than production servers.
If you want to avoid being mentioned in the news for lax security, then a good start is to ensure you keep PII and other sensitive data away from any less secure environments. One way the GDPR recommends we do this is by pseudonymizing or anonymizing sensitive data before it enters these insecure systems.
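As an added illustration (not code from the original post), the following Python script pseudonymizes a production extract before it is copied to a dev or test database. It assumes keyed HMAC-SHA256 tokenization as the pseudonymization technique, a hypothetical column-to-identifier-class mapping, and constructed sample rows; the key stays in production, so the tokens in the dev copy cannot be reversed there, while matching columns across tables still join.

```python
import hashlib
import hmac
import secrets

# Column name -> identifier class (hypothetical mapping). Columns of the same
# class share tokens, so a customers/orders join on email still works after
# pseudonymization.
PII_COLUMNS = {"email": "email", "customer_email": "email",
               "full_name": "name", "phone": "phone"}

# Constructed sample rows standing in for a production extract.
CUSTOMERS = [
    {"id": 1, "email": "ana@example.com", "full_name": "Ana Lopez",
     "phone": "+1-555-0100", "plan": "pro"},
    {"id": 2, "email": "bo@example.com", "full_name": "Bo Chen",
     "phone": None, "plan": "free"},
]
ORDERS = [
    {"order_id": 10, "customer_email": "ana@example.com", "amount": 42.0},
    {"order_id": 11, "customer_email": "bo@example.com", "amount": 7.5},
]

def new_pseudonym_key() -> bytes:
    """Secret used for tokenization; kept in production, never shipped
    with the dev/test copy."""
    return secrets.token_bytes(32)

def pseudonymize_value(key: bytes, id_class: str, value: str) -> str:
    """Deterministic keyed token: same input -> same token, but without the
    key the original cannot be recovered or confirmed by recomputation."""
    mac = hmac.new(key, f"{id_class}:{value}".encode("utf-8"), hashlib.sha256)
    return f"{id_class}_{mac.hexdigest()[:20]}"

def pseudonymize_rows(key: bytes, rows: list[dict]) -> list[dict]:
    """Return copies of rows with every PII column replaced by a token."""
    out = []
    for row in rows:
        clean = dict(row)
        for column, id_class in PII_COLUMNS.items():
            if clean.get(column) is not None:
                clean[column] = pseudonymize_value(key, id_class, str(clean[column]))
        out.append(clean)
    return out

def leaks_original_pii(original_rows: list[dict], clean_rows: list[dict]) -> bool:
    """Release check: does any original PII value survive in the output?"""
    originals = {str(r[c]) for r in original_rows for c in PII_COLUMNS
                 if r.get(c) is not None}
    return any(str(v) in originals for row in clean_rows for v in row.values())

if __name__ == "__main__":
    key = new_pseudonym_key()
    dev_customers = pseudonymize_rows(key, CUSTOMERS)
    dev_orders = pseudonymize_rows(key, ORDERS)
    print(dev_customers, dev_orders)
    print("leak:", leaks_original_pii(CUSTOMERS + ORDERS, dev_customers + dev_orders))
```

Run `leaks_original_pii` as a gate in the copy job so a dev refresh that still carries raw identifiers fails before the data leaves the production boundary.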