Security
Practical security measures SMEs can take to protect personal data.
The Human Factor: Why Most Data Breaches Start with Your Employees
80 to 90 percent of all data breaches have a human cause. This article discusses the most common scenarios, from phishing to misdirected emails, and gives practical tips to make your team more resilient.
Data Security - Where to Start?
Data security is a core requirement of the GDPR, but where do you begin? This article gives you a practical step-by-step plan to get the security of personal data in your business in order.
System and Software Security - Key Principles
The software and systems you use form the foundation of your data security. This article covers the principles you need to apply to keep your systems secure.
Password Policy: Best Practices for Your Business
Weak passwords are one of the biggest security risks for SMEs. This article provides practical guidelines for a good password policy: password managers, 2FA, minimum length, and common mistakes.
Access Control: Who May See Which Personal Data?
Not everyone in your business needs access to all personal data. Good access control is one of the most important security measures under the GDPR.
Application Register: Which Systems Process Personal Data?
An application register is an inventory of all systems and tools that process personal data in your organisation. It supports your record of processing activities and is essential during a data breach.
CCTV and Privacy: The GDPR Rules for Business Owners
Installing security cameras at your business? The GDPR sets strict requirements for CCTV: from signage to retention periods. This article explains what's allowed, what's required, and what mistakes to avoid.
GDPRWise and NIS2 - Cybersecurity Legislation for Businesses
The NIS2 directive introduces new cybersecurity requirements for businesses in the EU. GDPRWise Enterprise has a full NIS2 action list and templates built in, right on top of your GDPR work.
List of Approved Third Countries for Data Transfers Outside the EU
The GDPR restricts transfers of personal data to countries outside the EU, unless an adequacy decision applies. Here you'll find the current list and what it means for you.
Code of Conduct for Privacy - Rules for Your Employees
A privacy code of conduct sets out how employees should handle personal data in their daily work. Practical guidelines you can apply immediately.
Consider a Cyber Security Insurance
Cyber insurance covers the financial damage from a data breach or cyber attack. This article explains what cyber insurance covers, when it makes sense, and what to look out for.
How to Anonymise Data under the GDPR
Anonymised data falls outside the GDPR. But true anonymisation is harder than you think. This article explains the difference between anonymisation and pseudonymisation, and how to apply it correctly.
Data Retention: How Long May You Keep Personal Data?
The GDPR requires you not to keep personal data longer than necessary. But how do you determine the right period? This article explains how to create a data retention policy with concrete examples per data type.
Data Security for Paper Documents
The GDPR doesn't only apply to digital data. Paper documents containing personal data must also be secured. This article explains the measures you need to take for physical files, contracts, and correspondence.
Information Security Policy - What Should It Include?
An information security policy describes how your organisation protects personal data and business information. This article explains what to include, how to draft it, and how to keep it up to date.
Periodically Check Access Controls for All Your Tools
Who has access to which data in your business? If you don't check regularly, risks accumulate. This article explains how to set up a periodic access review.
Privacy Governance Framework - Structuring Your Privacy Policy
A privacy governance framework brings structure to how your organisation handles personal data. Learn what it involves and how to build one step by step.
Encryption: Should I Encrypt My Data?
The GDPR mentions encryption as one of the most important security measures. But what exactly is it, when is it required, and how do you approach it practically as an SME? This article provides concrete guidance.
Don't Share Personal Data via WhatsApp with Your Staff
WhatsApp is not suitable for sharing customer data, addresses, or access codes with employees. This article explains why, with a real enforcement case from Finland and practical alternatives.
Data Breach: What Is It and What Should You Do?
A data breach can happen to any business, from a misdirected email to a hacking attack. This article explains what a data breach is, when you must report it, and what steps to follow.