What is personal information?

Personal data are all data relating to a person whose identity can be directly or indirectly established by their use. It is usually about the data we use every day in our activities at work, in the trash, in the bank, school, on the Internet. Name and surname, address, e-mail address, telephone numbers, health data, salary, school grades, data on education, marital status, bank accounts, tax returns, data on membership in organizations and associations, credit indebtedness, history online examinations, biometric data (pupil scan or fingerprint), ID number or passport number.

Leaving personal data on tables, bulletin boards, throwing printed biographies of job candidates in the trash are just some of the irregularities that no one pays attention to or considers risky for business, and which are often found in domestic companies. Therefore, it is necessary, first of all, to work through education to raise awareness of the importance of personal data and the risks generated by the new legislation. Also, it is necessary to introduce special procedures that would eliminate this inappropriate behavior of employees, as well as management, which would minimize data leakage. One of the best policies in this area is the clean table policy, which is also a regular recommendation in the regulatory compliance process.

Online profiling

Many times we have clicked and accepted certain “pop-up” windows on certain sites and without reading the notice about “cookies” where it is stated what our data or data about our IP address are used for. For example, if someone wants to buy a holiday package and search for offers on the Internet, he has not entered any personal data until then, but cookies are installed on most pages that monitor his behavior and thus do his profiling. Based on this knowledge, the bidder knows exactly what the person is looking for, and that is, for example, the cheapest hotel accommodation on a certain date. The bidder then monitors how many times the person is looking for a certain destination and when he decides on the desired date and requests an online offer, the algorithm that profiled his behavior, assesses that there is a serious intention to buy a travel arrangement and can automatically display a higher price. This is one of the examples of inappropriate data processing that should be sanctioned according to the regulation.

Password managers as a form of business data protection

To protect your information and protect your family, you must use password managers. Business secrets, information about employees, and many other data concerning the company, which can be easily revealed through negligence, as well as certain details about the family, should be protected. The password manager not only provides the convenience of storing all data in one place but also has the strongest protection against password leaks and identity theft. The best of them helps you to create and regularly change passwords that are stored in a virtual “lock” in the software itself. Your manager syncs on all the devices you use. All you have to do is remember one password – the one that allows you to enter the password manager. As you browse, your manager automatically fills in passwords for web pages, allowing you to go your own way and making you much less vulnerable online. The password manager has several advantages when protecting data, and to protect yourself, it is necessary to use them. Stay safe and keep and protect data and other things.

Video surveillance in offices and public spaces

It is not uncommon for companies to install video surveillance without a prior risk assessment and security plan, which is an obligation under private security law, and without an impact assessment. Many times when you go to a meeting in a domestic or foreign company, you see that certain offices and premises are under a video surveillance system whose purpose should be the protection of persons, property, and business. Very often, companies without risk assessment, on their initiative, set up a system at the discretion of a manager or owner, thus committing an offense in the field of private security law. It should be emphasized that such video surveillance is essentially not usable because the video material from it would be easily challenged in any procedure and is essentially a big risk for a company that illegally records employees, visitors, and third parties and archives their data. When asked why offices or some public space are being filmed, the answer that is often heard is “that’s what the boss said”.

Each database, ie collection of data, with personal data in companies, must be recorded and protected, so that, for example, it is forbidden to circulate by email tables with a list of children who should receive packages for the new year, then a list of employees who have applied for voluntary blood donation or the purchase of a product in installments and for all employees to enroll themselves, which violates privacy and increases the risk of personal data leakage.

Invasion of emails and SMS – aggressive marketing

Marketing often knows no boundaries and thus crosses the boundaries of our privacy, which the new law specifically deals with. Every modern purchase requires the taking of certain data and involves activities that seek to reveal the intentions and habits of consumers to adjust the offer to the same to raise the turnover and profit of producers. Communication with the seller always goes in the direction of making another contact after the purchase and for the buyer to return or become loyal. Loyalty programs are programs that reward customers for their loyalty, but also customers who regularly shop at the same company, which can often involve the processing of personal data. Most often, such communication is achieved by sending personalized letters by mail, contact by phone, e-mail, SMS, MMS, pop-ups, so-called. Pop-up but also in another way. There must be a relevant legal basis for any processing of personal data, including marketing, and it can be obtained through the consent of the person or in the legitimate interest of the business entity (processor).