ATTENTION TO PERSONAL DATA COLLECTED BY INSTITUTIONS BUT NOT FOR THE PURPOSE OF PROCESSING
Today, there are many points that companies need to consider when it comes to data security. In addition to preserving and protecting the personal data they obtain, companies are expected to act in accordance with the law when this data is no longer intended for processing. Underlining that such a situation can lead to severe sanctions for companies, Siberasist General Manager Serap Günal, speaking for Cyber Security Awareness Month, states that data with no remaining processing purpose puts institutions in a difficult situation in the event of a possible data breach, and shares the 4 steps to follow.
Companies must act by considering all the risks and difficulties associated with the data they collect. It is crucial that institutions determine how long and for what purpose they keep personal data. Stating that stored data should be reviewed periodically and that data with no processing purpose should be deleted or anonymized, Siberasist General Manager Serap Günal lists what companies should do with such data in accordance with this obligation.
4 steps to take for data that no longer has a processing purpose!
When the reasons for processing data obtained for certain purposes and with the consent of individuals cease to exist, data controllers must delete, destroy or anonymize the processed data. Stating that failure to fulfil this obligation in accordance with the law can have devastating consequences for companies, Serap Günal shares in 4 items the path that both SMEs and large-scale companies should follow for data that is no longer intended for processing.
1. Identify data that is no longer intended for processing. The first thing businesses should do is determine which of the data they periodically monitor is no longer intended for processing. For this reason, it is important to determine which personal data will be deleted.
2. Identify relevant users. After the data with no processing purpose has been identified, the next stage is to determine the relevant users for that data. For this, companies are advised to use an access authorization and control matrix or a similar system.
3. Identify access methods and authorizations. After the data with no processing purpose and the relevant users have been determined, those users' authorizations and methods for access, retrieval and reuse should be closed and eliminated.
4. Delete data that is no longer intended for processing. In the final phase, companies' authorizations and methods for accessing, retrieving and reusing the personal data are completely eliminated.
Source: (BYZHA) – Beyaz News Agency