Security
Practical security measures small and medium businesses can take to protect personal data, from password policy to breach response.
New here? Start with these
Recommended reading order for SMEs
articles
Access Control: Who May See Which Personal Data? arrow_forward
Not everyone in your business needs access to all personal data. Good access control is one of the most important security measures under the GDPR.
CCTV and Privacy: The GDPR Rules for Business Owners arrow_forward
Installing security cameras at your business? The GDPR sets strict requirements for CCTV: from signage to retention periods. This article explains what's allowed, what's required, and what mistakes to avoid.
Application Register: Which Systems Process Personal Data? arrow_forward
An application register is an inventory of all systems and tools that process personal data in your organisation. It supports your record of processing activities and is essential during a data breach.
GDPRWise and NIS2 - Cybersecurity Legislation for Businesses arrow_forward
The NIS2 directive introduces new cybersecurity requirements for businesses in the EU. GDPRWise Enterprise has a full NIS2 action list and templates built in, right on top of your GDPR work.
List of Approved Third Countries for Data Transfers Outside the EU arrow_forward
The GDPR restricts transfers of personal data to countries outside the EU, unless an adequacy decision applies. Here you'll find the current list and what it means for you.
Code of Conduct for Privacy - Rules for Your Employees arrow_forward
A privacy code of conduct sets out how employees should handle personal data in their daily work. Practical guidelines you can apply immediately.
Consider a Cyber Security Insurance arrow_forward
A cyber insurance covers the financial damage from a data breach or cyber attack. This article explains what a cyber insurance covers, when it makes sense, and what to look out for.
How to Anonymise Data under the GDPR arrow_forward
Anonymised data falls outside the GDPR. But true anonymisation is harder than you think. This article explains the difference between anonymisation and pseudonymisation, and how to apply it correctly.
Data Retention: How Long May You Keep Personal Data? arrow_forward
The GDPR requires you not to keep personal data longer than necessary. But how do you determine the right period? This article explains how to create a data retention policy with concrete examples per data type.
Information Security Policy - What Should It Include? arrow_forward
An information security policy describes how your organisation protects personal data and business information. This article explains what to include, how to draft it, and how to keep it up to date.
Data Security for Paper Documents arrow_forward
The GDPR doesn't only apply to digital data. Paper documents containing personal data must also be secured. This article explains the measures you need to take for physical files, contracts, and correspondence.
Periodically Check Access Controls for All Your Tools arrow_forward
Who has access to which data in your business? If you don't check regularly, risks accumulate. This article explains how to set up a periodic access review.
Privacy Governance Framework - Structuring Your Privacy Policy arrow_forward
A privacy governance framework brings structure to how your organisation handles personal data. Learn what it involves and how to build one step by step.
Encryption: Should I Encrypt My Data? arrow_forward
The GDPR mentions encryption as one of the most important security measures. But what exactly is it, when is it required, and how do you approach it practically as an SME? This article provides concrete guidance.
Don't Share Personal Data via WhatsApp with Your Staff arrow_forward
WhatsApp is not suitable for sharing customer data, addresses, or access codes with employees. This article explains why, with a real enforcement case from Finland and practical alternatives.
Data Breach: What Is It and What Should You Do? arrow_forward
A data breach can happen to any business, from a misdirected email to a hacking attack. This article explains what a data breach is, when you must report it, and what steps to follow.