Sometimes, I feel I would be a millionaire if I had a pound for every time someone said this to me!
When GDPR arrived on the horizon, it was difficult for companies and the general public to understand that very little had changed.
Many of the principles of GDPR were already embedded in the Data Protection Act 1998. However, because this Act had been overtaken by technology, and was largely being forgotten, there was some catching up to be done.
Hence, the fanfare arrival of GDPR.
In essence, the simplest way to understand data protection regulations is to ask yourself the following question, ‘am I processing this personal data in a fair and proper manner?’ If the answer is no, or you are not sure, you probably need to refer to the regulations.
Personal data is quantified as: any information you might hold on an individual that will identify them. This could be their name, along with their address, or their name and phone number. From working with many local businesses, I know that they often have questions around how current data protection regulations fit within their existing processes.
Typical things they ask, include: ‘Am I doing things the right way?’, ‘What should I be doing?’, and ‘Could I get fined?’
When faced with all these questions, it can seem confusing and very tempting to bury our heads in the sand.
Far too many businesses, both large and small, have been reported to the Information Commissioner’s Office. Don’t become one of them!
There are a few simple questions you can ask yourself to begin, or revisit, your data protection journey. For starters, do you know what personal data you collect from your clients, customers, and guests?
And where are you storing your clients, customers, and guests’ personal information? This could be in the cloud, on static devices, or simply in a drawer.
Is this secure enough? Consider how much personal data you are holding. Think about the harm it would cause the person if their data got mislaid, lost, or stolen.
Once you’ve answered these questions, it should become clear if you’re on the right path or not. You may discover that you are not storing personal data in a secure enough way, and need to make some changes.
If you have any burning questions about GDPR or data protection, I am always up for a chat, and an initial 30 minute call is free.
So don’t be confused, become data protection savvy!
Written By: Lisa Wilson CIPP/E