The Data Protection Officer (or other responsible person) has drawn up operating instructions for personnel handling personal data. In addition, the Data Protection Officer is ready to advise the controller, personal data processing partners or their own staff on compliance with GDPR or other data protection requirements.
Especially when local or unstructured data needs to be handled a lot due to the nature of the activity, it may be necessary to develop training that describes the risks involved for staff.
Common problems with local and unstructured data include e.g.:
For data you do not want to lose, that you want to control, or that is important to find in the future, staff should use data systems designed for it.
Devices should be protected against unauthorized access to or disclosure of information stored on or processed by them. Mandatory protection of the devices, e.g. with a 5-digit PIN code before each use, and automatic locking of the devices, e.g. after 5 minutes of inactivity, can help.
If sensitive paper information is required, there are safes, other lockers or other secure furniture for storing it.
Sensitive information must not be lurking available to anyone around the office.