Only those individuals who need access to personal confidential data should have access to it, and they should only have access to the data items they need to see. This may mean introducing access controls or splitting data flows where one data flow is used for several purposes.