The leaves are changing colour on the trees, new school shoes are buffed and ready to go, and there are newly sharpened pencils filling those first pages of crisp notebooks… It must be September.
Even though my school days are well behind me, I’m still struck by the feeling that this month marks the start of something new. A chance to turn over a new leaf and make progress in some way. I might not be heading off to class with a rucksack strapped to my back anymore, but that doesn’t mean I can’t commit to doing things better this new school year.
You probably know you need to make progress with privacy compliance. It’s something that we’re often told is still on the to-do list. But the need to get this right isn’t going away. If anything, it’s becoming more urgent.
Over the summer, there has been a litany of data breaches and fines hitting the headlines – from FOI requests mishandled by the police to the multi-million-pound fine handed down to TikTok by the Irish regulator. Get privacy wrong and you could get a big bill, plus do untold damage to your reputation with customers.
So if this September is your time to get privacy sorted, here are my top 10 tips:
1. Just do it
Forging new habits is never easy. As the old saying goes, tomorrow never comes. There will always be a million reasons you can think of not to get privacy sorted, but this is something you really need to get off the to-do list. You’ll feel better for it.
2. Get your foundations right
Be confident that you know what personal data you’re processing. You can then move on to working out where it comes from, where it is kept, who you share it with, what you use it for and what you do with it when you no longer need it.
3. Involve everyone in your organisation
There’s a temptation to rely on technology to do privacy compliance for you, but with 88% of data breaches caused by human error, chances are it’s your people that will let you down. The ICO, for example, has issued new guidance recently about using alternatives to the BCC email function when sending emails containing sensitive personal information to multiple recipients. Failure to use the BCC box (or an alternative such as bulk emailing services) is one of the top causes of data breaches reported to the ICO each year. Train all of your staff to understand why data protection compliance is important to the success of your organisation.
4. Appoint a team of privacy champions
Effective privacy compliance isn’t a one-man (or one-woman) job. Those who get this right appoint a brilliant team of cross-disciplinary privacy champions who drive enthusiasm for privacy across the business, and are agile enough to adapt as the company grows.
5. Pledge to give privacy a seat at the top table
Just as it’s important to get your teams talking about privacy, the executive leadership team needs to as well. Make privacy part of the agenda at board meetings, ask designated champions to provide regular updates, and build it into roll-out plans for new products and services. Everyone should be asking – what does this new feature/function/decision mean for privacy?