Data protection, commonly referred to as GDPR, is here to protect every individual (or natural person, as it says in the legislation) from those who would otherwise profit from using their personal information. Therefore, it is vital for every business (including companies, partnerships and C.I.C.s of any kind), club, association, sole trader and charity to get it right.
By supporting these various types of enterprise or interest I have been able to use my qualifications to bring them great benefits.
There is so much to think about as the legal framework requires so many aspects to be covered.
I know that the basic things you need to think about are:
What people think about preventing most is cyber attacks. This is natural, but there are quite a few other elements to protecting data that need to be a part of the structure.
I know, all too well, that the tendency is to wait as long as possible before researching, let alone implementing, the actions required to make information secure.
More things to consider are:
To ensure you don’t screw up elsewhere, you also need other controls to make sure you don’t fall foul of other parts of the data protection regulations.
Other parts of data management are equally important, as is making sure you keep data safe in every way.
If you want to be perceived as being a reliable person, or company, to do business with, avoiding more pitfalls than others would go a long way to achieving this.
As this can affect some unexpected places, it’s good to keep an eye on things like:
Lots of this may seem like common sense.
The only thing is, if anything that you do isn’t written down somewhere, and in a reasonable format, it means that you do not have, in the eyes of the regulators, anything that can be used as evidence of compliance with the regulations.
This is a common theme for all regulators and regulations.
It has been reported many times that prevention costs less than the cure. While it will depend on how you are compromised, it is very common to find that curing a problem costs a minimum of 8 to 10 times the cost of trying to prevent it.
Apart from the cost, there is the time. What you do, and how you do it, will be reviewed (if investigated) within a timescale given by the regulator. This is time-consuming in itself, but if you are having to repair your reputation at the same time, it can be exhausting!
No matter what you might think, unless you are acting as a person, these regulations will apply to you.
Do you want to spend hours trawling through help pages trying to cobble up something that you think will help you, or will you get a little professional help?
Spending a little time, and money, now will save you more of both if things do go wrong. Time is the one thing that you cannot get back, so use it wisely.
Even if I am not the person you turn to, make sure you speak to someone that you trust to cover these important topics.
What you have to keep in mind is that everything you do has to be understood by anyone you interact with – that’s physically, or electronically. And here’s what I mean by that:
Your management team, or the business owner, are accountable for the actions and decisions made by the business, or organisation, from a legal perspective. They can receive individual financial penalties if it is decided they should have known better and done better.