What is the General Data Protection Regulation?
GDPR applies to ‘controllers’ and ‘processors’.
GDPR does not apply to certain activities covered by the Law Enforcement Directive.
Who is covered by GDPR?
This makes them responsible for an information breach. All processors are required to maintain records of personal data and processing activities.
HOW TO COMPLY WITH GENERAL DATA PROTECTION REGULATION?
- Always follow our policies:
  - Office Policy
  - IT Policy
  - Employee Handbook
- Do not bring your own device inside the office if you are not authorized.
- Operate and hold information under strict confidentiality, especially if you are processing personal information.
- Do not leave any papers or writing instruments at your desk at the end of your shift.
- Wear your ID at all times.
- Double-check the recipient of your email to avoid a data breach. Sending a confidential email, such as one containing personal information, is classified as a data breach.
- Do not share your password.
- Do not use, install, or download illegal copies of software.
- Do not access, process, or destroy information without proper authorization.
- Protect your document (see instructions below).
HOW DO I PASSWORD PROTECT A DOCUMENT?
- Click the File tab.
- Click Info.
- Click Protect Document, and then click Encrypt with Password.
- In the Encrypt Document dialogue box, type the password then click OK.
- In the Confirm Password dialogue box, type the password again then click OK.
Passwords are case-sensitive. Make sure that the CAPS LOCK key is turned off when you enter a password for the first time. Remember, if you lose or forget the password, there is no way to recover it.
HOW TO ACQUIRE PROPER AUTHORIZATION?
If it is related to the destruction of data, ask your supervisor and compliance officer in order to prepare the certificate of destruction. Destruction of information needs to be reviewed by management in order to avoid legal liabilities.
If processing personal information is directly related to your work, then all you have to do is to operate under strict confidentiality and maintain privacy.
If you are planning to access information, ask your supervisor and state the purpose.
Take note that whichever you plan on doing, it is best to require proper documentation.
WHAT SHOULD YOU DO WHEN YOU LOSE YOUR ID?
WHAT TO DO IF YOU SENT AN EMAIL CONTAINING DATA TO AN UNINTENDED RECIPIENT?
After recalling the email, inform our Data Breach Response Team/IT Department so that they can conduct an initial assessment.
Wait for the next instruction from the Data Protection Officer or Compliance Officer for Privacy.