Product Updates

New security measures: Privacy - December 2023

Written by Josephine Broe Moesgaard | 06-Dec-2023 10:59:54

The Danish Data Protection Agency has recently published a new catalog of security measures that companies and authorities can consider in various contexts. We have implemented the same measures in Privacy, so the data controller can choose between these appropriate technical and organizational measures.

New security measures in Privacy 
Privacy Starter · Privacy Standard · Privacy Pro

Businesses and authorities seeking to ensure sufficient security measures now have a valuable addition to their daily operations. The Danish Data Protection Agency has recently released a catalog of security measures on its website, aiming to streamline the process of identifying solutions to address potential risks.

"The requirement in the GDPR is that data controllers must ensure appropriate technical and organizational measures - this is very general, but the catalog is an attempt to make it completely concrete and applicable," says the Danish Data Protection Agency.

We have implemented the same security measures in Privacy, so that these easily can be added to your processing activities and systems.

Get an overview of all the security measures

The following is specified for each measure:
- What risks are addressed?
- What measures can be considered?
- When is the measure necessary?

Access rights as needed
Awareness
Automatic closing of inactive accesses
Backup
Centralized rights management
Data access as needed
Documentation of authorizations
Multi-Factor Authentication (MFA)
Separation of functions
Management of temporary user accounts
Logging of users' use of personal data
Logging of user administrator actions
Minimizing the number of authorization managers and user administrators
Minimizing privileged access rights
Periodic control of the timeliness of access rights

Pseudonymization and anonymization
Role-based access rights
Correlation between user competences, access rights and tasks
Samples in the log of users' use of personal data
Control of physical access
Adaptation of access rights when changing the employment relationship
Avoid reuse of authorization without actively taking a stand
Avoid copying access rights without actively taking a stand
Avoid unnecessary use of multi-user accounts
Change Management

How to add security measures in Privacy 

When you are creating a new or editing a processing activity you can add security measures in step 2 "Data subjects". You can add as many measures as you like from the dropdown named "Security measures".


If the list is lacking any of your measures you also have the possibility to create your own. The Danish Data Protection Agency says that it is important to notice, that the catalog is not exhaustive. 

Security measures can also be added to a system in step 5 "System information".

Administrators can also add global security measures, that are implemented throughout the organisation. Global measures are active in all processing activities and systems.