It doesn’t matter what size your business is – everyone needs to understand what data protection is and how it impacts them. If the thought of data protection brings you out in a cold sweat, you’re not alone. We don’t believe that data protection should feel daunting.
So here’s my simple 5-minute read to help you understand what it is, why it’s important, and your first steps in implementing it.
What is data protection?
While it may seem obvious what ‘data protection’ means, it isn’t really. Data protection involves two things:
1. Data security; and
2. Data privacy.
What is data security?
Data security is the protection of data using physical security, administrative controls and other safeguards.
People want to know that you are keeping their data secure from accidental or unlawful destruction, loss, alteration, disclosure or access.
Data security includes things like:
- Encrypting your data and backing it up
- Having good anti-malware protection
- Installing operating system updates
- Using a secure wireless network
- Using a firewall
- Limiting access to data to only those that require it
- Using complex passwords
- Not storing passwords with the device
What is data privacy?
Data privacy focuses on the rights of individuals to have control over their own personal data.
Individuals have the right to know:
- why their data is being collected and processed
- what their data is being used for
- who their data is being shared with
- where their data is being kept and if it is transferred out of the UK
- how long their data is being retained for
Why is data protection important?
Data protection is important because it:
- helps reduce the number of data breaches
- helps prevent loss of trust and reputation
- helps protect your customers’ privacy
- builds customer loyalty
- improves your brand’s value
- gives you a competitive advantage over companies who don’t value data protection
- allows you to comply with contractual requirements
- is a legal requirement
Your customers, staff, suppliers and stakeholders want to know that their data is secure and that they can trust you to collect only the data that you need and to use it responsibly and lawfully.
Embedding data protection in your organisation requires you to collect, process, share, retain, and delete personal data in accordance with the law.
How do I embed data protection in my organisation?
Securing and using data doesn’t have to be complicated.
1. Ensure that you have the proper technical measures in place to keep your customer, employee, and business data secure.
2. Tell your customers and staff the ‘hows and whys’ of your data processing in a privacy notice that uses clear and plain language. Be transparent.
3. Ensure that your policies and agreements are up-to-date.
4. Have processes in place that make it easy for people to make requests to you (e.g. a subject access request).
5. Develop a contingency plan in case you suffer a data breach.
6. Develop best practices for using data in marketing.
7. Train your team to use data in the right way.
8. Stay up to date with legislative changes.
That still seems complicated to me. Can you help?
Of course! Doing the right thing with your data shouldn’t be daunting.
We’ll help you identify areas of risk or non-compliance, explain the policies that need to be implemented, and show you how to use your data effectively.