How Businesses Can Protect Their Digital Data in 
Today we must be very cautious with the Company’s Data Protection, firstly because compliance with the Organic Law on Data Protection (LOPD) is mandatory, secondly to avoid significant fines or complaints and, thirdly to keep the internal digital data of our business and the third parties involved safe.
In the previous paragraph, I referred to the (LOPD) understood as such the regulation that regulates the treatment that we must have before the personal data (our national identity document, telephone, postal or electronic address, bank account, etc.) that a company may have at your disposal, both from employees and from your customers or suppliers.
On many occasions, companies consider that they duly comply with said organic data protection law by registering their files with the Data Protection Agency (AEDP) or by acquiring the services of a company that takes care of it, as Movistar offers you with CiberSeguro Empresas.
Although this does not mean that with these actions, we are safe and get rid of being sanctioned, so we must be very attentive to any modification in the legislation, adapt and comply with the requirements as quickly as possible; if you have contracted these services consistently, can notify you in time.
Next, we mention the treatment that we must grant to protect company data. The first thing we should know is that the LOPD classifies data security at different levels:
Basic: The only identifying data (name, marital status, sex, etc.)
Medium: contains slightly more sensitive information than the previous level; it refers to the subject’s heritage, personality, criminal record, etc.
High: reflects data on ideology, beliefs, race, sexuality, etc.
This level is oriented to the intrinsic characteristics of the person.
After being clear about the levels, you must notify and update them in the AEPD, whose access to the files can be done from its website, giving us some comfort.
If we have medium and high-level data, we must designate a security manager to coordinate and control it. If not carrying out these actions and not having a security document and keeping it up to date, it could lead to a severe infraction with a fine of up to one million euros.
In addition, we must be aware that it is not only enough to have computer security measures (antimalware, antivirus, quality servers, etc.) and correct electronic data processing, but also physical measures, however obvious they may seem (files with restricted access, furniture with locks, access registration, safes, etc.).
For all these reasons, having adequate company data protection is essential and, in addition, it is possible to have this service for free, but I am warning you that it will take a long time. Every company has the following tools at its disposal for free.
Evaluate: it makes it easier for us to carry out an internal audit to find out if our company complies with the Data Protection law, ensuring its anonymity so that it cannot be fined if it is not adhered to.
After carrying out a small test, it provides us with a report with the measures to solve the deficiencies.
Form Note: this tool allows us to modify and delete files in the AEPD, filling in and sending the forms online or by correspondence. When entering the web, we must select and mark private ownership.
Model guide for preparing security documents helps us download a security document model.
We only have to fill in our company’s data referring to the security measures, accessing from the AEPD website.
Free software to comply with the LOPD: it allows us to comply with the requirements of said law. There are several, depending on our needs:
- Software for implementing security measures to allow access to different programs, the Internet, request passwords, etc. All this is to guarantee the LOPD.
- Software for encryption and decryption of USB drives.
- Software for updating security documents, allowing them to be modified and forwarded to the AGPD.
- The software allows us to make backup copies of data stored on different devices or programs.