When it comes to data protection, what businesses get bombarded with is cyber security. It is true that in our modern digital age having the correct anti-virus software and encryption software, and being up to date with other information in the ISO 27000 range of standards, is important. However, data protection is more than just cyber security.
Unless the policies and processes of your organisation support the management of those important tools, you will most likely, at some point, fall foul of data protection legislation.
Policies and Procedures
Most organisations have some regulation, or terms, that they have to satisfy in order for them to keep going. For social organisations like scout groups, or swimming clubs, there will be some relating to Health and Safety while using any facility as part of their activities.
For the purpose of complying with data protection legislation, terms and conditions are the external view of your policies and procedures so that people know:
- How your organisation interacts with them.
- Why their data is collected.
- How it is treated.
- What level of care is used to securely store their data.
- How it will be destroyed.
The terms and conditions will also have all of the other rules about what the individual has to do and what the responsibilities of the organisation are to ensure the expected outcome. Often part of the terms and conditions is consent from an individual so that certain activities can be undertaken by the organisation. As consent is such a large topic, it will be left for another day.
There is so much more information available, some of it very detailed. Please look through the other blogs and see if the information you want is provided.
If not, we would be pleased to answer your enquiry through firstname.lastname@example.org, or visit
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/ for more information direct from the ICO.