You feel overwhelmed
You know privacy is important stuff, you know you need to prioritise it, but you’re not sure where to start. We get it – your business is unique, the legal jargon is confusing and you don’t want privacy to get in the way of your ability to innovate. The good news is when it’s done right, data privacy compliance does the opposite. When you know exactly how you can use the data you hold safely, you’re able to maximise its value.
You’re unsure about what you do with people’s data
Each area of your business will touch personal data in a different way, which may not be immediately obvious to the rest of the organisation. You need to know what information you collect, what you do with it, where you keep it, what permissions you have in relation to it, who you share it with, how long you keep it for and what you do with it when you no longer need it.
You’re not transparent about how you use data
Not only do you need to understand all of these things, but you must also communicate them clearly, in easy-to-understand language. Individuals need to know what you do with their data, what their rights are in relation to that information and how they can exercise those rights. Failure to do so is likely to impact your ability to work with partners and clients, damage your reputation and leave you open to enforcement action by the regulator.
You’re not sure who you’re sharing data with
Individuals will share personal information with you because they trust you, but you might then share that data with organisations they know little about. That may be software development companies, online marketing companies, event organisers, or hosted SaaS platforms. There are lots of examples where you might lose physical control of that data. You must make sure that each organisation is safe to share data with and put a data processing agreement in place.
Your staff don’t understand or care about data protection
You can’t be everywhere at once. Getting the team on board, trained and committed to privacy compliance is essential. Your team needs to know what they can and can’t do with the data your organisation holds and adjust their behaviour accordingly. You need a culture of continuous privacy compliance, rather than a one-off project or training session.
You’re not sure whether you’re secure
Maybe you’ve put some measures in place, but you’re not certain if you’re covering all of the bases. You need security policies including one that states what you do if there’s a breach. You need to train staff so they understand these policies and their responsibilities. You need to use encryption, strong passwords, update software and implement patches promptly. And all of this needs to be periodically reviewed.
You’re not staying up-to-date
Failing to promptly update software or apply security patches can leave your organisation open to data breaches. You need a system in place to ensure all staff software and apps are up-to-date, updates happen automatically and privacy fails are regularly discussed with the team so they understand the importance of updating software.
You communicate with individuals when you don’t have the right to
If you’re sending marketing emails, text messages or direct mail that you don’t have a legal right to send, you’re in breach of data protection law and could be fined. If you have a legal right to send emails, make sure that they have unsubscribe links that work. Make sure your privacy notices clearly state how you use personal information for marketing purposes.
You’re still using paper
There’s a reason why the loss or theft of paper containing personal information is the fourth most common data breach in the UK. Sensitive information such as passwords, names, telephone numbers and account details is often still written down by employees and left for anyone to find on desks or at the printer. You need secure shredding and secure archiving solutions to make sure private or confidential information is kept safe.
Your products and services aren’t built with privacy in mind
Organisations used to ignore privacy, or add it in as an afterthought. That doesn’t work now. Privacy needs to be incorporated at the earliest stage of a new initiative – consider where personal information is being collected, whether it needs to be used, where it can be minimised, how it will be protected and how individuals’ rights will be observed. Privacy needs to be part of an organisation’s DNA and at the core of every decision.
At the Privacy Compliance Hub, we help organisations create and maintain a culture of continuous privacy compliance, by making sure everyone in the business understands privacy, cares about privacy and does their bit to protect personal information. Our platform offers a structured programme to follow, with training and reporting tools, giving you the confidence your business is complying with privacy rules and reducing the risk of a data breach.