Blog: Eight Privacy Promises
As experts in data protection, privacy and the GDPR, we wanted to share our knowledge with you to ensure your compliance journey is as simple as possible. With a clear understanding, data protection best practice will become a natural part of your organisation’s way of working - a benefit to you and your business.
So take a look over our GDPR and data protection resources below.
The Privacy Guy – Privacy Promise 7 – International
The rules in relation to personal data are different from country to country. This has the potential to make the lives of some companies complicated. Which rules apply? How can we make compliance easier? How can we make sure that personal information is protected, wherever it travels? What if the way we process personal information is right in one country, but wrong in another?
The age of consent
What is the biggest myth touted about the GDPR? It is, “If you want to use personal information you must have consent”. Why is this a myth? Because what you need is a lawful basis for processing personal information, not consent. Consent is just one of the six lawful bases available under the GDPR.
The Privacy Guy – Promise 6 – Security
You’ve got to keep personal information safe they say. What does that mean? How safe do you have to keep it? And how do I check whether it is safe enough? All good questions. But, you won’t find the answers in the GDPR, or any other data protection legislation. What you need is a little help from real data protection experts like The Privacy Guy.
Am I a controller, a processor, or both?
Controllers of personal information are the ones with all the liability under the GDPR, right? Wrong. Processors have obligations under the GDPR too. And then there’s joint controllers as well. They are jointly liable to people who have suffered damage because of a GDPR breach. To confuse matters further, an organisation can be both a controller and a processor at the same time (although not in relation to the same processing activity).
The Privacy Guy – Privacy Promise 5 – Rights of Individuals
You’ve got to fight……… for your right………to privacy. Well, not any more. The GDPR has given individuals plenty of rights which they can exercise quickly and easily. Satisfying those rights is the tricky, time consuming part.
The Privacy Guy – Privacy Promise 4 – Safe Sharing
We all know someone who overshares, right? But, in such situations it isn’t your personal information the person is oversharing, it is theirs. In the world of privacy and data protection, it is our personal information that is being overshared. Sometimes it is sensitive personal information. And that’s far from great. In fact, it is against the law.
The Privacy Guy – Privacy Promise 3 – Transparency
This is where it starts to get uncomfortable for some organisations. ‘Transparency’ is the third of our Eight Privacy Promises. Once you have an accurate and up to date Inventory, you need to tell individuals what you do with their personal information and explain the rights those individuals have in relation to that personal information.
When and how to notify a data breach
Almost all organisations have had a data breach. Some of them know they have had a data breach. Most probably don’t. People tend to think that a data breach is caused by a hacker breaking into an organisation’s systems and gaining access to customer personal information for malicious purposes. The reality is that personal data breaches are far more likely to be the result of careless mistakes by employees than the work of hackers. In fact, 90% of UK data breaches are caused by human error.
The Privacy Guy – Privacy Promise 2 – Inventory
The second of our Eight Privacy Promises. To comply with privacy rules including the GDPR and the CCPA your organisation needs an inventory of personal information. This basic (but sometimes difficult) step is one of the cornerstones of establishing and maintaining an effective privacy compliance programme. However, keeping track of your personal information is not as easy as keeping track of your employees, or your office equipment. Personal information moves quickly and easily and is often kept in multiple locations.