Data Protection

Data protection, commonly referred to as GDPR, is here to protect every individual (or natural person, as it says in the legislation) from those who would otherwise profit from using their personal information. Therefore, it is vital for every business (including companies, partnerships and CICs of any kind), club, association, sole trader and charity to get right.

By supporting these various types of enterprise or interest I have been able to use my qualifications to bring them great benefits. 

There is so much to think about as the legal framework requires so many aspects to be covered. 

I know that the basic things you need to think about are:

  • Who your data controller is.
  • Who your data processors are, even those you outsource to.
  • What policies and controls you have in place to protect the personal information you process.
  • When you need to take additional care of particular information.
  • The most appropriate ways to store and destroy personal information.
  • Whether you need a Data Protection Officer or not.

What most people think about preventing is cyber attacks. This is natural, but there are quite a few other elements to protecting data that need to be a part of the structure.

I know, all too well, that the tendency is to wait as long as possible before researching, let alone implementing, the actions required to make information secure.

Good controls are essential to make sure that you keep things as secure as possible.

More things to consider are:

  • Does everybody in your team know their responsibilities?
  • Do your outsourced partners have similar, or better, controls than you?
  • How accessible are the policies and procedures that govern the controls?
  • Is adherence to your information security policy part of the terms and conditions in your employment contracts?

To ensure you don’t screw up elsewhere, you also need other controls to make sure you don’t fall foul of other parts of the data protection regulations.

There are other parts of data management that are equally important, and so is making sure you keep data safe in every way.

If you want to be perceived as being a reliable person, or company, to do business with, avoiding more pitfalls than others would go a long way to achieving this.

Data management

As this can affect some unexpected places, it’s good to keep an eye on things like:

  • Where you store documents.
  • The policy you have on how you market to others.
  • How you use social media and whether you include pictures, or video, of real people in them.
  • How you destroy documents.
  • How you secure things in the office at night – and let’s not leave the key in the cupboard, or drawer either.
  • Whether you allow people to carry physical files outside of the office or not.

Lots of this may seem like common sense. 

The only thing is, if anything that you do isn’t written down somewhere, and in a reasonable format, then in the eyes of the regulators you do not have anything that can be used as evidence of compliance with the regulations.

This is a common theme for all regulators and regulations.

It has been reported many times that prevention costs less than the cure. While it will depend on how you are compromised, it is very common to find that curing a problem costs a minimum of 8 to 10 times the cost of trying to prevent it.

Apart from the cost, there is the time. What you do, and how you do it, will be reviewed (if investigated) within a timescale given by the regulator. This is time-consuming in itself, but if you are having to repair your reputation at the same time, it can be exhausting!!

Some thoughts to wrap up:

No matter what you might think, unless you are acting as a person, these regulations will apply to you.

Do you want to spend hours trawling through help pages trying to cobble up something that you think will help you, or will you get a little professional help?

Spending a little time, and money, now will save you more of both if things do go wrong. Time is the one thing that you cannot get back, so use it wisely.

Even if I am not the person you turn to, make sure you speak to someone that you trust to cover these important topics.

One last thing

What you have to keep in mind is that everything you do has to be understood by anyone you interact with – that’s physically, or electronically. And here’s what I mean by that:

  • Anyone viewing your website.
  • Any actual, or potential, customer.
  • Any staff member – if you have them.
  • Any supplier.
  • Anyone you send marketing to.
  • Your management team.

Your management team, or the business owner, are accountable for the actions and decisions made by the business, or organisation, from a legal perspective. They can receive individual financial penalties if it is decided they should have known better and done better.