see this here

Data is an important asset for any company. When a loss or breach occurs, it could cause a complete stoppage in operations and damage your reputation as well as the trust of your customers. It’s also possible to trigger legal liability as many companies today are governed by a variety of privacy regulations and standards.

In order to organize your data protection program, it begins with establishing a plan that aligns with your organization’s overall security policy. This will let you set clear expectations and guidelines for your employees in relation to handling sensitive data, from its creation to archive or deletion.

It’s also essential to identify the kinds of data your business holds and what level of sensitivity it ought to be classified as. This lets you implement data governance policies such as user-based access, automated masking, and tracking of data lineage.

You should also create a process to respond to government requests for data. Ideally an attorney should handle it so as to ensure that the response is accurate as well as in compliance with relevant data protection laws.

All employees should be educated on the policies and procedures of your organization in relation to data security. Particularly those working at home or from other offsite locations. Explain to employees, for example, that it is not in the company’s policy to display passwords near their work area or to share them with anyone else. Also warn them to beware of identity thefts who may call pretending to be IT to steal personal information. Remind them to check any emails that appear to come from a person they know in the office, and request confidential information.