Securing your data
Today's newspapers frequently report about new data breaches. Letters and emails were send to wrong addressees, emails even were lost, etc. etc. If this happens at well-equipped banks, universities and even at Social payment agencies, this could happen to virtually every company! Which company does not have sensitive personal or other, confidential data?
I probably don't have to warn about the costs; financial costs (fines), social reputation damage etc., etc. The point is to do something with it. I would recommend you starting your way to 'Data Maturity' if you aren't on track already. Know about your data. Being a human, think about good data policies and (business) reasons for your data. Think rationally of why you have what data, by it’s purpose and justifiable business value. Is it useful and usable? On the latter topic of data usability, I could share many other thoughts.
Do you need to keep your data? That's good, and I can advise on good compliant storage places. But for who are you storing data, where, and how long? Who needs access, and when? As a rule of thumb: What you don't keep cannot be leaked.
What about you and your staff yourselves? Human beings could, intended or unintended, violate data handling policies.
OK, let's assume your administrators have applied your well thought out policies and you and your staff have been educated to behave appropriately. The next thing you require is setup reporting. Reporting on auditor's requests, but also to prove your company's data indeed is protected and safe. Prove data exists and is untampered (or the opposite: prove specific data has been deleted and shredded). Check your data integrity, usability and availability.
You now might conclude data protection better should be automated. You are right, but I would say: it is a hard requirement. Only tooling and automation could enforce protection and make sure regulation are both followed and reported on. And only automated processes can keep up with nowadays increasing amounts of data.
In short: think, start, keep on, evaluate, adapt. Good luck and have a safe journey!
