Privacy management can be a contentious issue. Isn’t it the business’s data when I have it? The data is out there, so why can’t I use it? Why should businesses care about the management of data and privacy?
History
The Universal Declaration of Human Rights, in 1948, has one of the earliest statements of an individual’s right to privacy.
That was over 70 years ago, and the rights of an individual in relation to privacy are still being defined and redefined. 1973 saw the first Data Act, in Sweden. The 1998 Data Protection Act in the UK and then, subsequently, the 2018 General Data Protection Regulation (GDPR) led to countries around Europe updating their own data protection laws.
Businesses have adapted and changed in those 70 years, especially with the advancement and speed of technology, hence the changes and updates in legislation, especially in relation to information sharing.
Privacy conflict
Businesses need data to run their businesses. Ideally, many businesses would say they need to gather information to contact prospective clients and use that data as they want within their business. Look at the big tech companies, like Meta, Google and Amazon, who rely on the collection and ‘reusing/distributing’ of data as a fundamental cornerstone of their business. The selling of data can be a considerable income stream.
It is no wonder that businesses, no matter how big or small, have difficulties with privacy; especially when you have to balance the needs of the business with the needs of the individual. The individual has rights!
And there is the conflict. Many businesses argue either that the information is out there or that the person has given it to them, so why can’t they use it the way they want to?
Good data management is good for business. Having everything in place can mean that things run smoother and, more importantly, it can help reduce costs (especially in relation to software).
Whose data is it?
GDPR set out to clarify the importance of privacy and data security. More importantly, it determines who the owner of the data is. The individual owns the data, and not the business. Businesses are, in effect, custodians of the information held by a living person. As a result, they have to follow the principles of the regulations.
Lawfulness, Fairness and Transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality
Accountability
In short, that means that businesses need to:
Identify the legal reason for collecting and storing the information AND have a way of informing the individuals.
Ensure individuals’ rights are protected and acted upon.
Only use the information for the purpose it was collected. This means we cannot collect information and then use it for whatever reason we want, regardless of it being in the public domain.
Only collect and store the bare minimum we need for the minimum amount of time we need to store it.
Ensure that the information we keep is accurate and, if not, correct it.
Ensure that the data is not lost or destroyed.
Be able to show compliance with the legislation.
Managing privacy
Saying we are data protection compliant is not enough. Businesses need to prove it. Some key areas to look at are:
Know your data
Map out what data you collect, save and keep; for what reason, and where it is.
Only use it for the purpose collected
One example of this: networking contacts cannot be added to your email marketing or sent sales emails. They consented for you to have their details; they did not consent for you to add them to your email marketing.
Keep it up-to-date and accurate
Account status, contact information, and payment history.
Assess, review, and update
Assess what documentation you have and need
Review for updates and changes in practice
Look at trends in data security
Secure it
Ensure that physical material is locked away securely
Ensure digital devices are secure and backed-up
Training
Train your staff on what data protection is, and on IT security
Have policies and processes in place, so they know what to do
Keep records
Log incidents and lessons learned
Keep records of equipment and software
Risk assessments and DPIAs
Sounds complicated?
It doesn’t need to be complicated. Help is at hand. As a data protection specialist, I am here to support and assist with your data protection woes. Why not get in touch?
If GDPR and compliance are a concern for you or your organisation, don’t worry. Taking all the different aspects in at once can cause (and probably has caused) everyone to feel a little overwhelmed at some point. But it doesn’t need to. Here are the five tips to know about and why they matter.
Transparency
When it comes to GDPR, transparency is a fundamental principle. The reason why that’s the case is simple. It gives individuals as much control over their data as possible and facilitates their rights.
Control and rights are both fundamental underpinning principles of GDPR.
How does a company demonstrate transparency? The content of privacy notices is a good start. Good, compliant examples include:
the contact details of the company;
if required, the Data Protection Officer;
the purpose and lawful bases for processing the data;
and the categories of personal data you hold, to name a few.
Mapping your data
Data mapping confuses some, but its principle is relatively easy. Mapping your data means establishing what information you hold and exactly how it flows through your company. This type of audit (also known as a mapping exercise) should be performed regularly by assigned individuals.
Doing so ensures it is maintained and amended as needed by a person or persons who are aware of their responsibilities.
Reporting breaches
Breaches can unfortunately happen, and on a long enough timescale, something similar to the list below probably will.
Data breaches can take many forms, such as:
Device loss or theft
Phishing scams
Hacking
Lost or stolen external USB drives
Breaches can also result from carelessness or lack of awareness, such as unattended computers and, especially recently, working from home on unauthorised personal devices and unprotected networks.
Reporting breaches of personal data has been mandatory since before the GDPR came into force. It just became more visible, and the assessment for reporting changed. The Information Commissioner’s Office has a dedicated section for more information about breach reporting.
Knowing your subject’s rights
Data subjects have a wide range of rights relating to the data you hold about them, making it essential to know why you are processing the information you hold about them.
Data subjects have some or all of the following rights:
The right to be informed (Including why you are processing their data, how long you intend to retain it and who you might share it with.)
A right of access (Typically referred to as a Subject Access Request or SAR which must be dealt with in a timely way.)
The right to rectification (If the subject feels their data is incomplete or inaccurate.)
A right to erasure (Also known as the right to be forgotten; for legal reasons this may not always apply.)
The right to restrict processing (In certain circumstances, an individual has the right to have their data stored but to stop you using it.)
A right to portability (The right to obtain their data and reuse it for another purpose or service.)
Being accountable
For both controllers and processors, demonstrating compliance and putting measures in place to meet the requirements for accountability will mitigate the risk of enforcement action. It will also build trust in your business and its services and raise you above the competition.
For help and advice around transparency, avoiding breaches, mapping the data you use, subject’s rights and accountability, get in touch today; I’d love to offer you help and advice in the field I specialise in.
It is always good to look to the past and present to plan for the future. Using this information, we can put in place plans and goals for the coming year, along with the actions needed to fulfil them in a rapidly changing world. With that in mind, December is Write a Business Plan Month.
It is an excellent opportunity to reflect on the past year, plan for the year ahead, and try to future-proof our businesses. In the last five years, businesses have had to deal with so many different issues; some that could have been planned for (BREXIT), some that were never anticipated (COVID).
The New Year is an excellent time for businesses to:
Review what worked and what could be improved
Identify what processes may be streamlined
Look at different ways to operate
React and adapt to change as standard
Business planning and strategies must be even more effective if the visions and goals for the year ahead are to be reached. But business planning is not all about what we want from our business and where we want it to be in 12 months. We must look at what is happening around us that may impact or influence them.
Tools for business planning
The positive news is that the last few years have shown us how reactive and adaptable we can be when things become unstable; we can excel at thinking outside of the box to withstand everything a tumultuous year has thrown at us.
PESTLE
PESTLE is an acronym for a great strategic planning tool that looks at external factors and how they can impact the business:
P: Political
E: Economic
S: Social
T: Technology
L: Legal
E: Environmental
Things that we may include:
Possible interest rate rises
Fuel costs
Changes in legislation, including data protection
Inflation rates
Political instability
Highlighting the issues can help complete the SWOT.
SWOT
The SWOT looks at internal Strengths and Weaknesses and external Opportunities and Threats. It can be carried out for a business or a project and can be seen by many as an essential strategic tool.
Internal factors include personnel, finance, services/manufacturing capabilities, and the marketing 4Ps (product, price, place and promotion). The PESTLE above is a great place to start when looking at external factors.
Business Canvas Model
The business canvas model is a strategic management tool that allows you to describe how a business intends to make money. It explains who your customer base is, how you deliver value to them, and the related details of financing. And the business model canvas lets you define these different components on a single page.
Building in Adaptability with a Consultant
As many businesses look to future-proof their operations in the short to mid-term, versatility and flexibility will be common factors. It makes sound business sense to look externally to help get a fresh perspective. It is no coincidence that in recent times, outsourcing and freelancing have seen exponential rises in popularity as organisations seek lean, efficient solutions that don’t cost more than they need to…
Visions and goals for the year ahead
If you are planning for 2023, why not get in touch to learn more about how we can support you and your business to plan to achieve future compliance and growth, or book a free clarity call?
Whenever compliance and accreditation are discussed, many of us focus on ensuring everything is okay without considering the potential benefits.
We think about the mandatory things we need to do to ensure our products and services are legally safe, that they adhere to the standards set out for them and that our teams are working in a safe, compliant environment.
We invest a lot of time and resources into ensuring those boxes are ticked; we have to, after all! However, there is also a whole range of other accreditation and certification that isn’t mandatory.
You and your business have already put in the hard work to get the compliance you need; is it worth your time to bother with anything else?
Yes, it is. It can pay off in all kinds of ways…
Gaining an edge
You don’t need me to tell you any competitive business advantage is worth grabbing with both arms. Taking compliance and accreditation to the next level is a powerful way to do that. It can:
Boost your reputation and allow you to gain a competitive edge over others in your industry
Win you more business and empower you to bid for lucrative contracts with external agencies
Improve the inner ethos of your organisation, maximising staff morale, productivity and giving your teams a real sense of pride
Win trust and confidence in your business, which can be essential in some sectors, such as social care or the financial sector
Drive growth for small to medium-sized businesses
Accreditation can highlight legal compliance, green credentials, and an ethos of sustainability.
Investing in your business and its people
The range of accreditation out there for your business can be considerable. It ranges from ISO standards like ISO 27001 (managing information), ISO 45001 (occupational health and safety), and ISO 9001 (quality management) to industry-specific accreditation that will allow you to bid for contracts with government agencies, schools, and the NHS. For charitable organisations, accreditations such as NCVO can demonstrate their trustworthiness and win the confidence of potential donors.
On an individual level, accreditation can also have a positive impact; mental health champions, data protection, and safeguarding, to name just a few, are all precious accredited courses for key employees. They might also go some way towards gaining Investors in People accreditation, an award which any forward-thinking company should be proud of.
A sign of quality that is easy to share
Showcasing your accreditation is an easy and effective way to show your qualities to the world and prove that you stand head and shoulders above your competitors. You can add them to your website’s homepage as logos, share them via your social media channels, blog about the important part they play in your company’s story, send out newsletters and even contact the local paper!
You’ve gone the extra mile, after all. Why wouldn’t you want to shout about it from the rooftops with pride and passion?
If you are working towards gaining accreditation to drive growth and demonstrate your quality, collating the right materials and information and presenting it in the correct format is essential. Failing to do so can cost you time, money, and more than a bit of frustration.