With the ever-increasing development of Internet and Communication Technologies (ICT), the volume of data has also increased at a great pace. Management of data has become more challenging than ever, and with a sharp increase in cyber crimes, data protection has become an ultimate requirement for every organization. Multiple techniques, tools and mechanisms have been employed to protect and safeguard information against potential cyber attacks and risks.
Some useful and essential measures that are recommended for data protection include the following:
- Using strong encryption techniques
- Placing an effective firewall
- Updating systems and software frequently
- Raising awareness
Source: Council of Europe, Reference
The above-mentioned practices, along with various other suggestions by multiple organizations, are key elements of data protection. As per the General Data Protection Regulation, or GDPR, there are six essential data protection methods, which are:
a) Risk assessment
b) Backups
c) Encryption
d) Pseudonymisation
e) Access control
f) Data destruction
We will look at each of the methods in brief. The first step, risk assessment, is in itself a huge field. Risk assessment always plays a crucial role in data protection. The riskier the data, the more protection it has to be afforded. Sensitive data should be closely guarded, whereas low-risk data can be afforded less protection [GDPR]. There are two axes upon which your risk assessment should be based: the potential severity in case of a data breach and the probability of a breach. The higher the risk, the more sensitive the data is. [GDPR]
Secondly, backups are equally important, as they help in quick restoration of lost or damaged data. They are a method of preventing data loss, which can often occur either due to user error or technical malfunction. Backups should be regularly made and updated. Regular backups will impose an additional cost on your company, but potential interruptions to your normal business operations will cost even more. [GDPR]
Thirdly, encryption is undoubtedly an important measure to consider when it comes to data protection. Encryption adds an additional layer of security, which makes it harder for an external attacker to gain information. Data that is at higher risk demands more encryption than low-risk data. For that reason, encryption is even explicitly mentioned as a method of data protection in the GDPR, meaning its proper use will certainly bring you favour in the eyes of the regulators.
Pseudonymisation is another method advocated in the GDPR that increases data security and privacy of the individuals. It works well with larger sets of data, and consists of stripping identifying information from snippets of data. Pseudonymisation is also a must when performing scientific or statistical research, so institutions and schools should be well-versed in properly pseudonymising their data.
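The stripping step described above, as an added example (not from the GDPR text or the cited sources). It assumes records are dictionaries whose direct identifiers are `name` and `email`, and it uses keyed HMAC-SHA256, a choice made for this example, so that one person keeps one pseudonym across records while the key is stored apart from the data.

```python
import hashlib
import hmac
import secrets

# Assumption for this example: these fields are the direct identifiers.
DIRECT_IDENTIFIERS = ("name", "email")

# Constructed sample records; rows 0 and 2 belong to the same person.
RECORDS = [
    {"name": "Alice Example", "email": "alice@example.org", "visit": "2024-01-10", "result": "A"},
    {"name": "Bob Example", "email": "bob@example.org", "visit": "2024-01-11", "result": "B"},
    {"name": "A. Example", "email": " Alice@Example.org ", "visit": "2024-02-02", "result": "C"},
]


def pseudonym(value: str, key: bytes) -> str:
    """Deterministic keyed token: same value and key give the same token.

    A plain unkeyed hash is not enough here, because e-mail addresses are
    guessable and anyone could hash candidate addresses and compare.
    """
    normalised = value.strip().lower().encode("utf-8")
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()


def pseudonymise(record: dict, key: bytes, link_field: str = "email") -> dict:
    """Drop direct identifiers and attach a pseudonym derived from link_field."""
    stripped = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
    stripped["subject_id"] = pseudonym(record[link_field], key)
    return stripped


def pseudonymise_all(records: list, key: bytes) -> list:
    return [pseudonymise(r, key) for r in records]


if __name__ == "__main__":
    # The key must be kept separately from the pseudonymised data set.
    key = secrets.token_bytes(32)
    for row in pseudonymise_all(RECORDS, key):
        print(row)
```

Whoever holds the key can re-link pseudonyms to individuals, so access to it should be as restricted as access to the original identifiers.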
Access control mainly deals with authentication and authorization. Authentication establishes who has access to information, and authorization defines the privileges offered to an individual with respect to specific information. You should ensure that you give access to sensitive data only to trustworthy employees who have a valid reason to access it. We recommend you hold regular prior data handling education courses and refreshers, especially after hiring new employees.
There may come a time when the data you have will need to be destroyed. Data destruction might not seem like a protection method at first glance, but in fact it is. The data is being protected this way against unauthorised recovery and access. Under the GDPR, you have the obligation to delete the data you don’t need, and sensitive data warrants more comprehensive methods of destruction.
- 6 Essential Data Protection Methods – GDPR
- Business info – Reference
- Berkeley Information Security Office – Reference