More Tips To Help You Understand GDPR
Ensuring your policies are up to date ...
POSTED BY ELLEN WILLOUGHBY ON 13/08/2020 @ 8:00AM
Following on from Hazel's recent blog post where she discussed some top tips to help you understanding GDPR, such as not always needing consent, here are 3 more top tips that she believes you may also be interested in ...
Remember, GDPR fines are huge so make sure your policies are always evolving!
copyright: ipopba / 123rf
Fully understand why you collect and hold the data you do
GDPR requires that the handling of personal data must be collected only for specified, explicit and legitimate purposes. You are also required to be transparent regarding the collection of data and you can only do this if you understand yourself the reasons for collection.
If you collect your customer's date of birth, figure out if you actually do need this and if so, understand why, be clear and tell them why.
Review your current contracts
Remember that under Article 13 of GDPR, you must provide your data subjects with privacy information at the time when the personal data was obtained. Article 14 states that if you obtain that personal data from a third party, then you should provide them with privacy information, "within a reasonable period after obtaining the personal data, but at the latest within one month". The sure-fire way of being as clear as possible is with that privacy notice stated clearly on your website and by directing your data subjects to it.
Any terms and conditions you have had drafted may also need to be updated. If the handling of data is quite pivotal to your obligations under the contract, you may need additional data protection clauses to lay out each parties' obligations under GDPR.
Compliance is a journey
It has been over two years since the implementation of GDPR and I am sure many businesses got their policies drafted and not revisited them since. Many of those businesses wouldn't have been fully compliant even after putting these procedures in place, as there may have been quite a lot to do. GDPR compliance is very much a continuous process and it should become part of your internal processes to ensure that compliance is still being achieved.
For example, GDPR can be difficult to understand and organisations need to be proactive in training their staff regularly to ensure they are up to speed with all the necessary information. When new staff members are joining you, they should be given basic data management training, and everyone should have some understanding of how their organisation uses data.
Remember, the fines are huge!
Data Protection may no longer be a hot topic, but enforcement action does continue. The ICO lists the enforcement action it has taken and so far this year, a former social worker has been prosecuted and Britain's biggest electrical retailer has been fined £500,000 after their 'point of sale' computer was victim to a cyber-attack, which affected at least 14 million people.
Last month, a London-based pharmacy was fined £275,000 for leaving approximately 500,000 documents in unlocked containers. No data was compromised, but the fine was for failing to ensure the security of such data.
And a local windows company was fined last year for cold calling individuals who are registered with the TPS. The ICO also issued an enforcement notice to a finance company who failed to respond to a subject-access request.
This is just a snippet of what could land you in deep water if you do not take your data protection seriously so if you have any concerns about how your business is handling GDPR, or you want your privacy policies and procedures reviewing, then get in touch and Hazel can take a look for you.
Until next time ...
Would you like to know more?
A huge thank you to my colleague Hazel Napier for this week's blog post!
If you have any concerns about your own GDPR policy, why not talk to us? Call us on 01858 414226, leave a comment below or click here to ping over an email and let's see how we can help.
About Ellen Willoughby ...
I'm Ellen, Director of All About Quality and All About Productivity. I have over 20 years experience as professional in the quality world and 17 years as a practising Buddhist. As a result of this, I have a passion for improvement. in both business and personal life.
More blog posts for you to enjoy ...
Other bloggers you may like to read ...