Create an internal security policy — Create an internal security policy for your team members, and build awareness about data protection
Even if your technical security is strong, operational security can still be a weak link. Create a security policy that ensures your team members are knowledgeable about data security. It should include guidance about email security, passwords, two-factor authentication, device encryption, and VPNs. Employees who have access to personal data and non-technical employees should receive extra training in the requirements of the GDPR.
| Property | Value |
|---|---|
| Section | Data security |
| Owner | operator |
Mapped Controls
| Control | Title |
|---|---|
| SID-ORG-01 | Information Security Policy |
| SID-PPL-02 | Security Awareness, Education, and Training |