What is data integrity?
Data integrity means handling data safely: preventing corruption, unlawful changes, and unauthorised access. That safety can be breached by accidental changes, such as programming errors, or by deliberate hacks. Leaving data open to hacks could also be considered a serious programming error.
Some forms of data integrity include:
- Encrypted backup.
- Read/write privileges, e.g. access control.
- Input validation - making sure data entry is accurate.
- Data validation - checks the security of inputted data.
Who’s at the frontline of data integrity?
An IT or digital team is trusted with handling and storing data, just like a language expert is trusted with interpretation and translation. They’re the experts, and they know how to understand the processes, so it makes sense that they’d be the initial people responsible for safeguarding data and information.
Everything your organisation does with personal and financial data needs to be considered and monitored, so a considerable amount of trust is placed in that core IT team. Those that handle data need clear systems and standards in place to avoid error - one small act of carelessness can cause a huge amount of disruption.
GDPR and data integrity
Data protection laws introduced throughout Europe in May 2018 will primarily involve how data is used, shared, and stored. People in all kinds of businesses will have expectations to meet, and those in IT specifically will need to make sure they’re clued up on their role no matter what their industry.
The ‘right to be forgotten’
People will have the right to ask that their data be forgotten by a company, and have it permanently removed from any database. Your data model will need to accommodate this and leave no trace of their information on the current record of data, in any backups, or in any third-party services, such as MailChimp and HubSpot.
Sharing data with the owners
If someone wants to check what data a company holds about them and how it’s used, they’ll be able to get a full report after GDPR. Any data you hold will need to be easily exported and accessible to the person requesting information. The way their data is used needs to be accurately reported too; vague reasoning like ‘marketing communications’ might not be enough.
How consent is given
Those ambiguous ‘I agree to the terms and conditions’ check boxes will be considered too vague after GDPR, and don’t ensure the person handing over their details really understands what their info will be used for. Not only will the necessary tick boxes need to change for new data, anyone who’s previously ticked ‘I agree’ will have to be given more specific information so they can decide if they want their data to be forgotten or not.
Log all access to data
If data is accessed within your organisation, why and how it was accessed need to be logged. This helps the data owner understand how their data is used, and makes it easier for your organisation to pull up the details.
Users can edit their profile
People should be able to change and update their own data, rather than have to request to change it. If your organisation obtained data through a third party, the data owner should still be able to use their phone number or email address to access it.
Both the organisation and the user themselves should be able to press a button which essentially hides a person’s data. No one in the company will be able to view it and it stays completely private. It’s an option the user should have control over.
2018’s GDPR has changed the way organisations can store and extract data.