Accurate security for employee’s telephone (also at BYOD)
Unique login code and password
Pseudonymizing personal data
No unsecured external hard drives
Do not make unsecured backups
Make sure that requests from data subjects are not only changed on regular servers but also on the back up server. Should you have to restore your data it must be up to date and the requests of data subjects must still have been carried out.
Do not store documents on a private laptop
Two factor or multi-factor authentication for all device and for all accounts where possible.
Transmission control: e.g. SSL certificate for websites (https: //) to transfer data within forms
Vulnerability management covers vulnerability scanning, security updating and penetration testing.