Standard security measures
In the register of processing activities you can indicate which security measures you have taken to protect personal data. A number of frequently applied measures are described below.
Use https: It is wise to provide each website with an SSL certificate. The address then changes from http://… to https://… and encryption is applied to the connection.
- Drafting an information security policy
- Setting up and implementing an information security management system (ISMS)
- External testing and certification of the ISMS against the ‘Security Verified’ standard
- External testing and certification of the ISMS against the ISO 2700 standard
- Screening of employees
- Security awareness training for employees
- Drafting and maintaining a risk inventory
- Keep an incident register
- Installation of a firewall
- Installation of a virus scanner
- Protection against data loss
- Regular and systematic backup of data
- Encryption of data in the database
- Encryption of hard disks / storage
- Encryption of data during transport
- Regular penetration testing of systems by external ethical hackers
- Having a responsible disclosure policy
- Use two-factor or multi-factor authentication
- Establishing rules for choosing and recording passwords
- Appoint a Data Protection Officer
- Drafting a privacy statement and publishing it on the website
- Mandatory password protection on laptops and other mobile devices
- Mandatory encryption on laptops and other mobile devices