It is a sobering thought that every one of us has a long, intricate trail of data out there in the wider world.
Personal data, in the form of email addresses, names, where we live, our families, friends, employment records, IP addresses… Each trail is specific to us; its contents can totally identify us.
However, another trail runs parallel to the first, carrying much more sensitive data that, in the wrong hands, could be used to target us, such as our medical histories, sexuality and gender, race and religion.
All that, and we haven’t even started to mention Social Media profiles…
Cutting through the confusion
Information about your clients, suppliers, employees and other associates or stakeholders is your responsibility. Knowing exactly what that data is, where it is held (off-site, in the cloud or in the filing cabinet, for example) and the length of time you are obliged to keep it for are all important legal requirements.
If you run a business, you will handle data just like that listed above, and doing so is more of a responsibility than ever before.
It’s a worthwhile task to undertake, for legal compliance obviously, but for other reasons too:
- Upholding people’s rights
- Acting fast to address issues such as data breaches and cyber crime
- Planning more focused, effective marketing strategies
- Customer relationships and a reputation that lift you above the competition
- A secure, organised and data-accurate business
Those are just some of the benefits of handling data correctly, but how on earth do you get to that point?
Don’t panic! Help is out there
If you are confused or concerned by issues surrounding the data you hold, don’t worry. You are not the first, and you are certainly not alone in feeling that way. The first step, the only step that really matters at the beginning of that journey towards data handling compliance and peace of mind, is this:
Establishing exactly what data you hold
I can’t stress this enough: every data audit and every conversation with a GDPR specialist such as myself begins with a long, careful look at exactly what data you handle. It is THE most important job on day one…
We can then follow the legal framework and guidelines to ensure it is handled in a safe and compliant way.
The Information Commissioner’s Office (ICO) is another valuable resource offering the help and support businesses need to ensure data privacy. Their website offers simple-to-understand guides about data protection aimed at SMEs, and even checklists and self-assessment tools such as this one.
If your business handles personal data, you should already be familiar with the ICO and the annual data protection fee, unless exempt. You can check if the fee applies to you here.
The ICO is a supervisory body and goes the extra mile to offer help and advice to individuals and organisations.
The excellent book ‘GDPR for Dummies’ by Suzanne Dibble cuts through much of the jargon with straightforward, easy-to-understand help and advice.
Lastly, but by no means least, there is me! As a certified Data Protection Officer, I can offer the help and support you need to ensure you ‘know your data’, and you’re handling it perfectly.
Why not send me a message, live chat or request a call any time? I’d love to help.
Data Protection is not something new. It goes back to 1948 and the Universal Declaration of Human Rights. It has come a long way since then, most notably with GDPR, which was agreed upon by the European Union in April 2016 and came into force in May 2018. In the UK, GDPR was enshrined in the Data Protection Act 2018.
Knowing exactly what GDPR is all about, why we need to understand it, and why it is important are all a big deal, because if things go wrong just once, it’s already too late…
What is GDPR?
Basically, it is the umbrella term for the set of legal requirements that govern how we handle people’s information. That information might be personal information such as cookies, names, addresses and other contact details. It might be sensitive information, such as ethnicity, medical history, sexuality or even credit card details. The General Data Protection Regulation covers both digital and hard copy information.
Why do we need to understand it?
To put it simply, it’s the law, and we need to understand it to ensure that (much like every other legal requirement) we know, and can demonstrate, that we are doing things the right way.
For many, Brexit has caused some confusion around the steps they need to take for continued compliance. It’s essential to remember that the Data Protection Act 2018 encompasses GDPR and stretches way beyond the EU borders. If you are UK based and dealing with EU clients or businesses, GDPR is just as important as before.
Post-Brexit, UK data protection laws still incorporate all the key elements of GDPR, meaning that for businesses the expectations are much the same as before. Understanding the legal requirements and doing things the right way can carry a range of benefits for your business, such as:
- Protection from cybersecurity threats, data theft, fraud and breaches
- Proof of the lawful, fair and transparent way you do business
- The best image for your brand and the ability to do business with a wider range of partners
Why is it important?
Integrity and confidentiality are vital for data security. Having measures in place that prove good physical and technological security levels goes a long way towards demonstrating compliance. It can also foster a positive and forward-thinking culture that can drive your business forward.
Good data compliance can also drive efficiency. It prevents organisations from effectively hoarding more data than they need by ensuring they collect only relevant information for its intended purpose.
Businesses can also demonstrate the provision of the legal rights for employees, clients and individuals (data subjects) concerning:
- An individual’s right to be kept informed about why their data is held and who it might be shared with
- Their right to access the data held about them on request
- The right to have data corrected if it is wrong or incomplete
- Their right to be forgotten if there is no good reason for their data’s continued storage
- The right to restrict the processing of data if it is wrong or has been processed inaccurately
- The right to opt out of any automated decision-making processes their data might be used for
We can see GDPR hasn’t gone away. In fact, post-Brexit, with so many of us working remotely in an ever-changing business world, it has become more relevant than ever.
If you have questions or concerns about GDPR compliance, I can help put your mind at ease or work out the answers.
Let’s work together to ensure GDPR compliance in your organisation.