Knowing your data and how to handle it.

It is a sobering thought that every one of us has a long, intricate trail of data in the wider world.

Personal data, including email addresses, names, where we live, our families, friends, employment records, IP addresses… Each trail is specific to us; its contents can identify us.

However, another trail runs parallel to the first, holding much more sensitive data that, in the wrong hands, could be used to target us, such as our medical histories, sexuality, gender, race and religion.

All that, and we haven’t even started to mention Social Media profiles…

Cutting through the confusion

Information about your clients, suppliers, employees and other associates or stakeholders is your responsibility. Knowing exactly what that data is, where it is held (off-site, in the cloud or the filing cabinet, for example) and the lengths of time you are obliged to keep it for are all important legal requirements.

Michelle Molyneux, Data Protection Officer, Know Your data

If you run a business, you will handle data just like that listed above and doing so is more of a responsibility than ever before.

It’s a worthwhile task to undertake, for legal compliance obviously, but for other reasons too:

  • Upholding people’s rights
  • Acting fast to address issues such as data breaches and cybercrime
  • Planning more focused, effective marketing strategies
  • Building customer relationships and a reputation that lift you above the competition
  • Running a secure, organised and data-accurate business

Those are just some of the benefits of handling data correctly, but how on earth do you get to that point?

Don’t panic! Help is out there

If you are confused or concerned by issues surrounding the data you hold, don’t worry. You are not the first and are certainly not alone in feeling that way. The first step, the only step that matters at the beginning of that journey towards data handling compliance and peace of mind, is this:

Establishing exactly what data you hold

I can’t stress this enough: every data audit and every conversation with a GDPR specialist such as myself begins with a long, careful look at exactly what data you handle. It is THE most important job on day one…

We can then follow the legal framework and guidelines to ensure it is handled safely and correctly.

The Information Commissioner’s Office (ICO) is another valuable resource, offering the help and support businesses need to ensure data privacy. Their website provides simple-to-understand guides about data protection aimed at SMEs, and even checklists and self-assessment tools such as this one.

If your business handles personal data, you should already be familiar with the ICO and the annual data protection fee unless exempt. You can check if the fee applies to you here.

The ICO is a supervisory body that goes the extra mile to offer help and advice to individuals and organisations.

Lastly, but by no means least, there is me! As a certified Data Protection Officer, I can offer the help and support you need to ensure you ‘know your data’ and handle it perfectly.

Why not send me a message or request a call any time? I’d love to help.

Is Your Data Protection Still Fit for Purpose in 2025?

How to spot the gaps before they turn into headaches

Since the UK formally separated from EU data laws, we’ve seen a lot change, but also, a lot stay the same. With the new Data (Use and Access) Act now in force, small business owners are right to ask: “Is our GDPR still up to scratch… or are we running on a version from 2018?”

Here’s how to check — and what to do if you spot gaps.

🔍 1. Your Privacy Notice Still Mentions the EU GDPR

If your website talks about “GDPR (EU) 2016/679” but doesn’t mention UK GDPR or the Data (Use and Access) Act, it’s time for a refresh.
✅ Action: Update your privacy notice with the correct legal framework and lawful basis.

🔐 2. You’re Collecting Data… But Unsure Why

You might be capturing emails, forms, cookies, or call data, but can you clearly explain why and under what lawful basis?
✅ Action: Map out your data flows and match them to one of the six lawful bases under UK GDPR.

🧾 3. You’ve Never Reviewed Your Data Processing Agreements

Many SMEs still rely on generic contracts. But if you’re working with freelancers, agencies, or cloud tools (like CRMs or AI apps), you need solid Data Processing Agreements in place.
✅ Action: Review your contracts and plug any gaps, especially if AI tools are involved.

📥 4. You’ve Never Had a DSAR… And Would Panic If You Did

The new Act provides greater clarity around “vexatious” requests, but DSARs remain essential. If you don’t have a clear procedure, even one email from a customer can throw your whole system into chaos.
✅ Action: Create (or review) your DSAR procedure and train your team.

🧩 5. Your Team Isn’t Fully on Board

Policies are great — but if they live in a forgotten folder, they won’t protect your business. Everyone on your team should know:

  • How to handle personal data
  • What to do in a data breach
  • Who to speak to when in doubt

✅ Action: Include data protection in onboarding, regular check-ins, and team training.

🧭 Need a sanity check?

If you’re not sure where your gaps are — or what counts as “good enough” these days — you’re not alone. I help small businesses create calm, realistic data protection plans that don’t rely on jargon or fear.

📩 Message me for a jargon-free GDPR health check, or book a free clarity call to get started.

Updated July 2025 to reflect the new Data (Use and Access) Act and current UK GDPR guidance.
