Looking at physical, technical, organisational and behavioural aspects.
• Think, plan, act.
• You can only use personal information for the reason you collected it.
o Who else has access to your databases/name & details?
o Do they need access?
• Do you share any of the personal information with another company or organisation?
o See our data sharing checklist.
• Think about the physical security of your personal information.
• Control technical access.