Video


Data protected under GDPR is not everything. Which information in the organization should be particularly secured?

Posted: by Jan Nawrot

Category: gdpr

We already know that the May 2018 Regulation sets a new dimension in the protection of personal data and makes changes to the definition of sensitive data. This information plays a key role for companies processing them in space. Are there any additional confidential materials that could compromise the proper functioning of the organization and which are not covered by the General Data Protection Regulation - GDPR? Yes, and more importantly, when they are neglected they can cause the same (often irreversible) damage, loss of competitive advantage or loss of market position.

Company information under constant protection.

Next to personal data (of customers, staff, partners, etc.) and sensitive data there are the secrets of the enterprise. The secret of an enterprise is "(...) not disclosed to the public technical, technological, organizational information or other information of economic value for which the trader has taken the necessary operations to preserve their confidentiality". Consequently, such information as: status of assets and liabilities; revenue, profit and sales achieved in a given period; patents and recipes; policies and contracts; financial commitments; terms of cooperation with contractors; business / financial / strategic plans; costs or losses incurred - all of these can be considered as business secrets. The above-mentioned data to be classified as confidential should be backed up by confidentiality and value-for-business activities. On the other hand, sharing of data with people inside / outside the organization should be the subject to constant monitoring, paying special attention to the competition.

Ways to protect business secrets.

Information that is confidential, most often provide business liquidity. How important they are for the company shows the incident from September 2001 - the attack launched on the World Trade Center. About 60% of the companies that were stationed in the attacked objects suddenly lost not only valuable employees, but also a large amount of data stored on computer disks or cumulative files. It would seem that, thanks to the powerful compensation and commitment of the management boards, they would quickly return to the market, but it was different - companies went bankrupt. As you can see, the cumulative data was fundamental, and their destruction made it impossible to rebuild businesses.

In order to breach information it is enough that someone with bad intentions will use the visible and publicly available documents, copy files placed on electronic media or break into the company server. Criminals are aware that sensitive, commercial, technological or competitive data is not hidden in a safe room occupied by professional guards. It is usually protected by a key-drawer or a secured computer system. The main purpose of creating this system is to implement a security strategy by controlling, monitoring your databases, particularly vulnerable to intentional or unintentional interception. In addition, contract protection is a very common practice. As part of this, the confidentiality clause is signed in all areas where the company shares information (both in contacts with employees, contractors, and potential business partners). Whenever someone discloses a secret, despite the signed clause, it is necessary to show him his dishonest act as soon as possible. Furthermore, the injured organization may demand from perpetrator the removal of the adverse effect and the reparation of the damage done; creating a declaration with the imposition of form and content; giving monetary amount for a social purpose.

Information security as a fair investment.

Considering the increasing number of cybercriminals and criminals attacks, maintaining security seems to be complicated and requires constant control. Indeed, security is a very complex issue, closely linked to the skillful management, processing different types of information, education of current and future employees and the selection of solutions that are tailored to the needs of the organization. In order to ensure that the company is properly prepared for emergencies, it is advisable not only to form internal security departments but primarily to seek support from outside security professionals.

Lemlock ebook. Expert Guidebook: Three vievs on cybersecurity
Udostępnij
Read more:
Step-by-step preparation for GDPR - checklist
GDPR

Step-by-step preparation for GDPR - checklist
An overview of the Regulation and its most frequently discussed issues
GDPR

An overview of the Regulation and its most frequently discussed issues
How was GDPR introduced? Facts.
GDPR

How was GDPR introduced? Facts.
Are you interested in a comprehensive solution
for your data security?
Consent to  data processing for contact purposes
I confirm that I have read the  information clause of Sagiton Sp. z o.o.

I hereby give consent to the processing of my personal data by the Personal Data Controller (hereinafter: "PDC") – Sagiton Sp. z o.o. ul. Fabryczna 19, 53-609 Wrocław, within the scope of: full name, e-mail address or telephone number, for the purpose of sale of products and services of Sagiton Sp. z o.o. and for the purpose of sending me feedback and making contact with me by Sagiton Sp. z o.o.

At the same time, I acknowledge that: at any time I can request the removal of my personal data from the PDC Sagiton Sp. z o.o. database, by sending an e-mail to [email protected], or a letter to Sagiton Sp. z o.o., ul. Fabryczna 19, 53-609 Wrocław, with a statement containing the relevant request, which shall result in the deletion of my personal data from the PDC Sagiton Sp. z o.o. database; I have the right to access my data; providing my data is voluntary, however refusal to provide it is tantamount to not receiving information regarding sale of products and services of Sagiton Sp. z o.o., as well as not receiving feedback and making contact with me by Sagiton Sp. z o.o.

In accordance with Art. 13 section 1 of the General Data Protection Regulation of 27 April 2016, (GDPR), we would like to inform you that the controller of your personal data is Sagiton Sp. z o.o. with its registered office at ul. Fabryczna 19, 53-609 Wrocław, e-mail: [email protected].

Your personal data shall be processed within the scope of: full name, e-mail address and/or telephone number in order to answer your question/request for contact and send feedback – pursuant to Art. 6 section 1 (a) of the GDPR, i.e. consent to the processing of personal data.

The data controller would like to inform you that your personal data shall not be disclosed to third parties.

Your data shall not be transferred outside of the European Economic Area or to international organizations.

Your personal data shall be processed until you withdraw your consent to the processing of data, as well as if the purpose for processing this data shall no longer be applicable.

You have the right to access your personal data, rectify it, delete it, restrict its processing, the right to transfer it, as well as the right to object.

In the case of giving your consent, you have the right to withdraw it at any time. Exercising the right to withdraw the consent does not affect the processing carried out before the consent was withdrawn.

You have the right to lodge a complaint with the supervisory body, i.e. the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.

Providing your personal data is a prerequisite for making contact with you by Sagiton Sp. z o.o. with its registered office at ul. Fabryczna 19, 53-609 Wrocław. In the case of not providing your personal data, Sagiton Sp. z o.o., shall not be able to contact you.

The Data Controller, Sagiton Sp. z o.o., would like to inform you that they shall not use your personal data for automated decision-making, which is based solely on automated processing, including profiling, and has legal effects for you or affects you significantly in a similar way.

Let's stay in contact