body-container-line-1
Mon, 07 Apr 2025 Feature Article

Beyond Firewalls: Building a Human Shield with "Appropriate Measures"

Beyond Firewalls: Building a Human Shield with Appropriate Measures

We hear a lot about data protection these days, especially when things go wrong. Regulations like GDPR and others often mention businesses must take "appropriate technical and organizational measures" to keep our information safe.1 But what does that really mean, in plain terms? It's more than just buying the latest antivirus software; it's about building a shield, both digital and human, around our precious data. Imagine your home. You have strong locks on the doors (technical measures) to prevent break-ins. But you also teach your kids not to open the door to strangers (organizational measures). You might even have a neighborhood watch (a culture of security). That's essentially what we're talking about with data protection.

"Technical measures" are the digital locks: firewalls, encryption, strong passwords, and software updates.2 They're the tools we use to build a digital fortress. But even the strongest fortress can be breached if someone leaves a window open. That's where "organizational measures" come in. These measures are about the people – you, me, our colleagues. It's about creating a culture where everyone understands the importance of data protection. This means training people to spot phishing emails, to understand the risks of sharing sensitive information, and to follow clear security procedures.3 It's about having clear policies on how we handle data, who has access to it, and what to do if something goes wrong.

Think of it this way: technical measures are the hardware, organizational measures are the software, and the people are the operating system. We need all three to work together seamlessly. We need to make it easy for people to do the right thing. For example, instead of just telling people to create strong passwords, we can provide them with password managers. Instead of just telling them to avoid clicking suspicious links, we can run simulations to help them practice.

It's also about building trust. People need to feel comfortable reporting security incidents without fear of blame. If they see something suspicious, they should feel empowered to speak up. This means creating an open and transparent culture where security is everyone's responsibility.

Ultimately, "appropriate technical and organizational measures" are about creating a holistic approach to data protection. It's about recognizing that technology alone isn't enough. We need to invest in our people, educate them, and empower them to be the guardians of our data. Because in the end, our strongest defense is a well-informed and vigilant team.

Emmanuel Kwasi Gadasu
Emmanuel Kwasi Gadasu, © 2025

This Author has published 67 articles on modernghana.comColumn: Emmanuel Kwasi Gadasu

Disclaimer: "The views expressed in this article are the author’s own and do not necessarily reflect ModernGhana official position. ModernGhana will not be responsible or liable for any inaccurate or incorrect statements in the contributions or columns here." Follow our WhatsApp channel for meaningful stories picked for your day.

Just in....
body-container-line