How to make your employees aware of the importance of secure information processing

Some organisations are already GDPR compliant, others still have work to do to meet the legal requirements. To achieve this, a set of technical and organisational measures is required. There are many step-by-step plans on the Internet to help you with these measures. It is even more important yet to raise the awareness among your organisation’s employees. This is very important, since 46% of all data breaches occurs because employees do not handle sensitive data consciously. How do you make sure this will change within your organisation?

1. Organisational measures

As a CISO, you record a lot in order to be accountable, in compliance with privacy legislation. You have to give evidence you have arranged certain issues. For instance, drawing up processor agreements with suppliers, a protocol for reporting data breaches, or a privacy impact assessment when making use of certain tools and software. You can arrange many issues independently as a CISO. However, the introduction of new policies, such as for reporting data breaches, affects other parts of the organisation as well. The organisation should first understand why you take these measures, and what is expected from its employees.

2. Technical measures

Technical measures are necessary to organise the protection of personal data. Think of the encryption of data, two factor authentication, or regulating access by using entry passes. Sometimes the existing solutions are not sufficiently fitting, so you obtain new solutions. The key factor in the application of technical measures are the users: your organisation’s employees. If they do not make use of the technical solution, your organisation still does not comply with the privacy legislation.

3. Awareness among employees

To make the organisational and technical measures successful, you definitely need support among the employees. Not only do you need support from the IT department, but from all employees who process personal data in any way. In our e-book, we will explain how you can reach this in an accessible and effective way.

Get going

As a CISO, you are facing a major challenge: creating awareness within the organisation. This is truly crucial. If employees are not fully aware of the implications of the unsafe processing of personal data, you keep on firefighting. But how do you start this awareness process? In our e-book, you will find answers to the question: how to create awareness about the secure processing of personal data within my organisation.

Download the ebook

shutterstock_219503161 (1)

What is the difference between personal data and privacy-sensitive information?

The GDPR is a hot topic. Due to all messages in the media, many myths circulate about this topic. A frequently-heard comment is: but it is related to privacy, and so it is forbidden under the GDPR anyway, right? To understand correctly what the law requires and what are the reasons for that, you should know what personal data are and how this differs from […]

Read more
shutterstock_675065458 (1)

Data and human errors: Where does it go wrong?

People make a mistake every 200-20,000 actions. So when humans play a role in a system, it is very likely they make mistakes. Like writing ‘2017’ for instance, when it should be ‘2018’, forgetting their keys, calling somebody by the wrong name. These things happen, after all, you cannot make an omelette without breaking eggs. Most people spend a large part of their […]

Read more