Estonian supervisory authority makes recommendations on secure data processing

The Estonian Data Protection Inspectorate (DPI) has published recommendations for secure data processing in business operations after observing a number of cases where human error led to breaches of personal data processing requirements.
The DPI recommended:
  • regular training and awareness raising for staff members on secure data processing;
  • making sure there are no hidden fields in Excel files and converting PowerPoint presentations to PDF format;
  • making backups of all important data, with one of the backups being separate from the others;
  • making backups of important applications, software;
  • updating software and patching security vulnerabilities as soon as possible after obtaining information;
  • logging of information application systems at a level that allows various data processing operations to be examined as necessary; and
  • implementing automated monitoring and SIEM (Security Information and Event Management) type security solutions in information systems.
These recommendations aim to reduce the risk of data breaches and increase the overall protection of data in businesses. The DPI emphasises that the responsibility for secure data processing rests with all members of the organisation and requires constant attention and commitment.