Data privacy of employees/former employees / Data privacy of business partners / How we can help you
Keeping data confidential by employees/former employees
Within any company there are a number of confidential data/information that require appropriate protection measures (e.g. contact details of representatives of certain customers, financial contract terms negotiated with certain business partners, know-how, internal working procedures, service secrets, trade secrets, etc.).
Insofar as the data also consist of personal information, their confidentiality must be preserved, all the more so under the GDPR (General Data Protection Regulation).
For more information on the protection of personal data please visit the GDPR – Protection of personal data section.
In order to protect the confidentiality of data/information/documents it is necessary to implement several legal (e.g. working procedures, regulations, etc.) and technical (e.g. data encryption, data access monitoring, protection of IT devices) measures regulating a number of issues:
- where and how the data is stored;
- who has access to the data and the conditions of access;
- the type of access to information and the devices from which it can be achieved;
- preventing unauthorised access;
- preventing unauthorised disclosure/deletion/copying of data;
- mitigate risks and damage in case of unauthorised access to data.
As a general rule, data protection is achieved through the conclusion of legal acts containing specific clauses (e.g. individual employment contract, job description, internal rules, confidentiality agreement, etc.).
However, in order to ensure adequate protection, some companies also resort to implementing physical and IT security measures (e.g. storing data in secure cabinets, limiting access to rooms containing sensitive data, installing CCTV systems, storing data in IT environments that allow for data traceability (who, when, from which IP, using what type of device, how the data was accessed), etc).
In very many situations the focus is on preventing access to data, rather than on fulfilling a simple contractual obligation not to access data in an unauthorised way.
Keeping data confidential by business partners
Ensuring confidentiality between different business partners, either in the course of due diligence or in the course of business relations, is generally achieved by signing a confidentiality agreement.
However, even in the context of such reports, especially during due diligence, a number of IT measures can be implemented to ensure data confidentiality (e.g. virtual data rooms with security systems, etc.).
How we can help you
Our team of lawyers together with various IT industry specialists (e.g. application developers, cyber security specialists, etc.) can provide you with legal advice to protect the privacy of your sensitive data:
- identification and classification of confidential data;
- drafting and implementing internal working procedures on access to confidential data;
- drafting and negotiating confidentiality agreements;
- training of authorised staff to comply with procedures for maintaining data confidentiality.
Further information on the confidentiality of information