To ensure a level of security that is appropriate to the risk and to prevent a personal data breach scenario, you should apply appropriate security measures.
The Personal Data Protection Agency recommends measures such as: safe storage of hard-copy documents containing personal data, for example, in lockers fitted with a lock; giving access to personal data stored in electronic form only to authorized persons; advising employees to use complex passwords; regularly backing up electronic records; and pseudonymizing or encrypting personal data, especially in the case of special categories of personal data.
In addition, it is important to regulate certain issues with by-laws and internal procedures and, last but not least, to work on increasing awareness within your organization, because a large percentage of personal data security breaches occur due to human error.
Example:
Regarding the security of personal data, the controller should take responsibility for the development and implementation of security policies and procedures, as well as employee training. The controller should also check whether security measures have been taken and should carry out an investigation in the event of a security breach.

