Data Protection: How to Protect Data in SMEs
At present, we have to be very careful with data protection in SMEs. First of all, the Organic Law on Data Protection (LOPD) is mandatory for all companies that, in the course of their activity, handle the personal data of others (customers, suppliers, employees). In addition, complying with it helps us avoid significant fines or complaints.
We define the LOPD as the rules that regulate how we must handle the personal data (national identity document, telephone number, address, bank account, etc.) that we may hold about other people.
Although these actions do not mean that we are safe from being sanctioned, we must be very attentive to any modification in the legislation so that we can adapt and comply with the requirements as quickly as possible.
Below we explain how we must handle data in order to protect it in SMEs. The first thing we should know is that the LOPD classifies data security at different levels:
- Basic: these are merely identifying data (name, marital status, sex, etc.).
- Medium: contains somewhat more sensitive information than the previous level; it refers to the subject’s heritage, personality, criminal record, etc.
- High: reflects data on ideology, beliefs, race, sexuality, etc. This level is oriented to the intrinsic characteristics of the person.
After that, you must notify them to the AEPD and keep them updated there; the files can be accessed from its page.
In addition, if we have medium and high-level data, we are obliged to designate a security officer to coordinate and control it.
Failure to carry out these actions, or not having a security document and keeping it up to date, may lead to a serious or very serious infraction, with fines that can rise to 600,000 euros.
On the other hand, we have to be aware that it is not enough to have computer security measures (antimalware, antivirus, quality servers, etc.) and correct electronic data processing. Physical measures are also needed, however obvious they may seem (files with restricted access, furniture with locks, access log, etc.).
For all this, it is vital to have expert professional services in the field, since it would save us time and headaches, although this does not exempt us from complying and keeping up with our obligations.
Having proper data protection in our small or medium-sized companies is of vital importance and, in addition, it is possible to enjoy this service for free. We all have the following free tools at our disposal from the public website itself:
It makes it easier for us to carry out an internal audit to find out if we comply with the Data Protection law, ensuring its anonymity so that in case of non-compliance, we cannot be fined.
After carrying out a small test, it provides us with a report with the measures to solve the deficiencies. We must conduct our audit at least every two years.
This tool allows us to modify and delete files in the AEPD by filling in the forms and sending them online or by correspondence. When entering the website, we must select and mark private ownership.
Preparing security documents helps us download a security document model. We only have to access the AEPD website and fill in our data regarding security measures.
Free software to comply with the LOPD
It allows us to comply with the requirements of said law. There are several, depending on our needs:
- Software for implementing security measures: allowing access to different programs and the Internet, requesting passwords, etc. All this is to guarantee compliance with the LOPD.
- Software for encryption and decryption of USB drives.
- Software for updating security documents, allowing them to be modified and forwarded to the AEPD.
- Software for making backup copies of data stored on different devices or programs.