What is your process for handling personal data?


You are storing a lot of data that is PII (Personally Identifiable Information) in all your ICT systems. Are you aware of how PII is handled in your organisation?
In the picture above I have created a simple picture for you to start with. I showed this picture for the first time on Thursday this week at a seminar with CSA Sweden. The audience was a mix of vendors, consultants and IT-security pros. The feedback was that many have not looked at the issue this way.

With the upcoming GDPR from the EU, you have to be able to track and control the PII flowing through your systems. The picture above is a starting point for thinking about the 3 stages.

  1. How does PII enter your ICT systems? Is it manually, automatically or a mix? Who has access to the PII when it enters the system?
  2. How does your organisation consume the PII? Who has access? Who can alter the PII? Is the PII sensitive data?
  3. How does the PII leave the system? Do you send it outside the organisation or out of the EU? Will the output be input to other systems?

When you have a clear picture of the 3 stages in the processing of PII, you can start to classify and secure the data. If you don't know the process in detail, you cannot be certain that you are doing the right security tasks to guard the PII. The stored PII is what you have "on loan" from the registered person. In GDPR the right to your PII is a key component; you have to remember that even if the PII is about a customer, an employee or a contractor, the data is not yours. You have to give the data back to the registered person if they request it.

The above picture is a process you have to go through with all your systems; each of them has different processes, and the input, consumption and output differ from system to system.

Do you need more info from us on how to handle PII with the GDPR? Please don't hesitate to contact us.