The first of our Eight Privacy Promises. It is crucial to establishing and maintaining a culture of continuous compliance. Without awareness, people will not understand. If they don’t understand, they won’t care. And if they don’t care, people will not do what is needed to protect personal information and prevent a data breach.
At The Privacy Compliance Hub, we use a simple structure to make it easy for everyone in an organisation to understand privacy and data protection. That structure is our unique Eight Privacy Promises. Helping everyone understand those Eight Privacy Promises is our very own Privacy Guy who guides you through what it means and what it takes to comply with the law.
Promise 1 – We know our privacy obligations
Or, put another way, we promise to make everyone in our organisation aware of the importance of processing the personal information we collect with care and integrity, having regard to the privacy of individuals.
What The Privacy Guy needs you to understand
For people to be aware, they need to know the basics. People need to understand what personal data is, what it means to process personal data and what the purpose of the GDPR (and other privacy rules) is. They need to know the basic principles of the GDPR such as ‘data minimisation’, i.e. if you keep the amount of personal data you process to a minimum, it is easier to protect it.
Perhaps most important is for people to understand the purposes of the GDPR (and other privacy rules). To most people the GDPR is just an annoyance, or an irrelevance. People relate it to pop-up boxes on websites which just get in the way of reading an article.
What people need to understand is that the GDPR is designed to protect people’s personal information and give them rights in relation to that personal information. Who wouldn’t want their personal information protected and to have rights in relation to it?
Why The Privacy Guy thinks you should care
It is probably easier to think first about your day-to-day life outside work. You wouldn’t want all the personal information contained in the dating app you use to be shared without your permission (imagine if your parents found out!). Likewise, you wouldn’t want to visit the doctor about that embarrassing problem, only to find out that the doctor didn’t keep your information safe.
You should think the same way at work. You are handling information every day which individuals just like you would want kept securely. Those individuals only want that information to be used in the way they would expect it to be used. Those individuals don’t want to know that you are not looking after it and don’t want to be surprised by what you are doing with it.
What The Privacy Guy needs you to do
All The Privacy Guy asks is that you apply the principles of data protection that you would expect in your daily life to your work life. Treat the personal information of others as you would want your personal information treated. If in any doubt as to what that means, go back to the basics of what the privacy rules are trying to achieve – to protect personal information and give individuals rights in relation to that personal information. If still in doubt, ask the person in charge of your organisation’s compliance programme. What, you don’t know who that is? Then read on…
A culture of continuous compliance
In our view, the only way to comply with privacy rules such as the GDPR is through a cultural shift in your organisation. At The Privacy Compliance Hub, we help organisations establish and maintain a culture of continuous compliance by making everyone in an organisation understand privacy, care about privacy and do their bit to protect personal information. Our platform contains a structure, a programme, a route map, records, information, reporting and training to enable all organisations to comply with the privacy rules including the GDPR and the CCPA.