Access control for all tools
Security and privacy go hand in hand. Without good security practices you can not safeguard the privacy of the personal data you have under your care.
We advise you to periodically review your access control arrangement for all those systems that hold personal data. If you are using our GDPRWise SAAS software then you can visit your GDPRWise customer and staff dossiers to see the list of systems that you should go through. Those firms with robust privacy and security practices will maintain an extensive application register and will also have adopted access control policies & procedures. In any case the key access control checks you should perform are:
- Check password strength rules are in line with best practices. For more information on password best practices, check out our dedicated knowledge base item on this topic.
- Enable 2FA where possible
- Confirm no accounts are known to be hacked using a service like Have I been PWNED
- Confirm that no accounts of previously engaged staff still exist. We advise you to maintain a joiners & leavers checklist to make sure you action those events in a compliant manner.
- Review the access control privileges are still only providing minimum necessary access for each of the staff roles.