Back to school: Nigel’s top 10 privacy tips for the start of a new (school) year

It’s the perfect opportunity to turn over a new privacy compliance leaf

By Nigel Jones

Co Founder of The Privacy Compliance Hub

September 2023

The leaves are changing colour on the trees, new school shoes are buffed and ready to go, and there are newly sharpened pencils filling those first pages of crisp notebooks… It must be September. 

Even though my school days are well behind me, I’m still struck by the feeling that this month marks the start of something new. A chance to turn over a new leaf and make progress in some way. I might not be heading off to class with a rucksack strapped to my back anymore, but that doesn’t mean I can’t commit to doing things better this new school year. 

You probably know you need to make progress with privacy compliance. It’s something that we’re often told is still on the to-do list. But the need to get this right isn’t going away. If anything, it’s becoming more urgent. 

Over the summer there has been a litany of data breaches and fines in the headlines, from FOI requests mishandled by the police to the multi-million euro fine handed down to TikTok by the Irish regulator. Get privacy wrong and you could face a big bill, plus untold damage to your reputation with customers. 

So if this September is your time to get privacy sorted, here are my top 10 tips: 

1. Just do it 

Forging new habits is never easy. As the old saying goes, tomorrow never comes. There will always be a million reasons you can think of not to get privacy sorted, but this is something you really need to get off the to-do list. You’ll feel better for it. 

2. Get your foundations right

Be confident that you know what personal data you’re processing. You can then move on to working out where it comes from, where it is kept, who you share it with, what you use it for and what you do with it when you no longer need it.

3. Involve everyone in your organisation

There’s a temptation to rely on technology to do privacy compliance for you, but with human error widely estimated to be behind the large majority of data breaches (one often-quoted figure is 88%), chances are it’s your people who will let you down. The ICO, for example, has recently issued guidance recommending alternatives to the BCC email function when sending emails containing sensitive personal information to multiple recipients. Failing to use the BCC box (or an alternative such as a bulk emailing service), so that every recipient can see everyone else’s address, is one of the top causes of data breaches reported to the ICO each year. Train all of your staff to understand why data protection compliance matters to the success of your organisation.
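The BCC failure mode above is easy to guard against in code as well as in training. The following is an added example, not code from the original article or from The Privacy Compliance Hub: it builds a bulk message with recipients on the SMTP envelope only, builds the leaky version with everyone in To, and runs a pre-send check that flags visible external addresses. The sender address, recipient addresses and the max_external threshold are constructed assumptions for illustration.

```python
"""Pre-send guard for bulk email: keep the recipient list out of visible headers.

Added example (not from the original post). Putting many recipients in To or Cc
discloses every address to every other recipient; putting them on the SMTP
envelope only (what BCC achieves) does not. All addresses below are constructed
samples, not real people.
"""
from email.message import EmailMessage
from email.utils import getaddresses
from typing import Iterable

# Constructed sample data (assumption: a clinic mailing three patients).
SENDER = "clinic@example.org"
RECIPIENTS = [
    "alice@example.com",
    "bob@example.net",
    "carol@example.co.uk",
]


def build_bulk_message(sender: str, recipients: Iterable[str],
                       subject: str, body: str) -> tuple[EmailMessage, list[str]]:
    """Return (message, envelope_recipients).

    Recipients go only into the SMTP envelope (RCPT TO); the visible To header
    names the sender's own address, so no recipient sees another's address.
    No Bcc header is written at all: smtplib strips it on send anyway, and
    leaving it out means nothing leaks if the message is forwarded or logged.
    """
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = sender  # visible header names the sender only
    msg["Subject"] = subject
    msg.set_content(body)
    return msg, list(recipients)


def build_leaky_message(sender: str, recipients: Iterable[str],
                        subject: str, body: str) -> EmailMessage:
    """The failure mode: every recipient listed in To, visible to all."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(body)
    return msg


def visible_recipients(msg: EmailMessage) -> list[str]:
    """Addresses any recipient could see in the delivered message.

    Bcc is included on purpose: if a Bcc header is still present in the
    serialized message, it will be delivered along with the rest of the headers.
    """
    headers = [str(v) for name in ("To", "Cc", "Bcc") for v in msg.get_all(name, [])]
    return [addr.lower() for _, addr in getaddresses(headers) if addr]


def check_recipient_exposure(msg: EmailMessage, sender: str,
                             max_external: int = 1) -> list[str]:
    """Return a list of findings; an empty list means the message passes.

    Flags a message whose visible headers expose more than max_external
    addresses outside the sender's own domain, and any Bcc header that has
    survived into the message itself.
    """
    findings: list[str] = []
    sender_domain = sender.split("@", 1)[1].lower()
    external = [a for a in visible_recipients(msg)
                if not a.endswith("@" + sender_domain)]
    if len(external) > max_external:
        findings.append(
            f"{len(external)} external addresses visible in To/Cc/Bcc: {external}")
    if msg.get_all("Bcc"):
        findings.append("Bcc header present in message; strip it before sending")
    return findings


if __name__ == "__main__":
    safe, envelope = build_bulk_message(SENDER, RECIPIENTS, "Reminder", "Your appointment is next week.")
    leaky = build_leaky_message(SENDER, RECIPIENTS, "Reminder", "Your appointment is next week.")
    print("safe message findings:", check_recipient_exposure(safe, SENDER))
    print("leaky message findings:", check_recipient_exposure(leaky, SENDER))
    print("envelope recipients:", envelope)
```

To send the safe version, pass the envelope list separately, for example smtplib.SMTP(...).send_message(msg, from_addr=SENDER, to_addrs=envelope); the check can sit in front of that call so that a message failing it is never handed to the mail server.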

4. Appoint a team of privacy champions

Effective privacy compliance isn’t a one-person job. Those who get this right appoint a brilliant team of cross-disciplinary privacy champions who drive enthusiasm for privacy across the business, and are agile enough to adapt as the company grows.

5. Pledge to give privacy a seat at the top table

Just as it’s important to get your teams talking about privacy, the executive leadership team needs to as well. Make privacy part of the agenda at board meetings, ask designated champions to provide regular updates, and build it into roll-out plans for new products and services. Everyone should be asking: what does this new feature, function or decision mean for privacy?


6. Talk to your customers about privacy

Privacy is fast becoming a competitive advantage. Just look at the steps Apple has taken recently to give users control over the apps tracking them on devices such as the iPhone. Surveys have reported that 74% of people now rank data privacy as one of their top concerns, and that holds across every age group. So let your customers know what you’re doing about privacy. You may be surprised at the tangible difference it makes. 

7. Make a data breach response plan

If the worst happens, you need to be prepared. Data breaches can cost a company significantly, from fines and reputational damage to the practical cost of putting things right. A data breach response plan should set out who sits on the response team, how you will decide within the UK GDPR’s 72-hour window whether the breach must be reported to the ICO, a template communications plan for affected individuals and regulators, and how you will analyse the circumstances of the breach to stop something similar happening again.


8. Take our privacy health check

It’s test time! Our free GDPR health check will help identify what you’re doing well around privacy compliance and where there’s room for improvement. It’s a good way to get started if you’re feeling overwhelmed.

9. Celebrate your achievements 

It’s easy to get bogged down in the difficult stuff. Tick off a few of the easier items to get you moving and celebrate those achievements with the team. You could start by reviewing your website privacy notice, or your Record of Processing Activities. Are they up to date? Does anything need to change? 

10. Make a plan

Privacy compliance isn’t a one-off exercise. It requires an ongoing commitment, led by the leadership team but involving everyone in the company. We can help you break that down into manageable chunks and give you a roadmap to work towards.
