5 practical tips for sharing personal data securely
Sharing privacy-sensitive data does not have to be complex. These five practical tips can help you make the way in which your organisation shares personal data a lot more secure.
Tip 1: Make sure the policy is clear
What information do you need to send securely? Through which channel and with what security? Employees are keen to do things well, but don't want to reinvent the wheel for each situation. They have enough other things on their minds! So provide them with a clear overview of all the types of information that your organisation shares, and add a step-by-step plan for each type. Each plan must clearly state which information you share and in what way. Place this overview on your intranet, share it via email or put up posters. And choose software that supports employees in making the right choices, preferably software that shows employees exactly what is happening. That helps them continually improve their understanding of personal data and the associated risks.
Tip 2: Make it easy for the recipient
There are a large number of tools available that allow you to share information securely. However, most solutions force recipients to perform all kinds of extra actions. For example, they first have to install an app, create an account or click through a lot of extra steps before they can read your message. This is not something most recipients are keen to do. Therefore, make sure you have a solution that makes it possible to share information securely without burdening the recipient with additional hassle. That is also good to know for the employee who is sharing the information.
Tip 3: Make sure that all the contact information is complete
So the recipient should not have to install anything extra. But to ensure that shared information arrives securely, you sometimes take extra measures. For example, you send an authentication code to a mobile number, or agree on a password. For this you need information from the recipient in advance, so make sure you get that information as soon as you speak to the recipient. When creating a new customer, for example, immediately request the email address and mobile phone number, and immediately check these by sending a test email and text message. Do different employees communicate with the same recipient using a password? Then make sure everyone uses the same password, so the recipient has fewer things to worry about. There is also software that arranges this automatically.
Tip 4: Make secure sharing the most attractive experience
You can receive your data in two days by post or in one minute via a secure email. Which would you prefer? Recipients sometimes do not see the necessity for secure communication, particularly if they themselves have to do something extra for it. This often changes quickly when you briefly and forcefully explain the benefits. You can add this explanation automatically to your message. Undoubtedly, there will still be recipients who do not want to cooperate, or who ask for extra information. For these situations, provide your employees with a few good arguments with which they can also satisfy these critical recipients. Of course, you can then also refer to the legal obligation and the threat of a fine.
Tip 5: Make sure you can act if something goes wrong
You can do a lot to prevent mistakes. Unfortunately, no solution or organisation can completely rule out a data breach. You must therefore know exactly what to do if things do go wrong at some point. Use tools that make intervention easier. Before you can intervene, you must first know where things went wrong; then you immediately know what you have to do to limit the damage. For example, there are tools that can block access to a sent email and that give you an overview of who has already viewed the email and attachments at that moment. This helps you to limit the damage, and to send a specific notification to the Dutch Personal Data Protection Authority.
Discover how a large hospital is successfully sending emails securely
Data leaks can result in reputation damage and a hefty fine. However, it always takes time to get new software working properly, and a flexible implementation depends on a great many factors. That's why it's nice to know that other organisations have successfully completed this process. Annemiek Knipscheer (ISO) explains why and how SJG Weert is now using ZIVVER. What are her experiences with secure emailing, and the implementation?