Privacy and Data Protection
Data privacy should be viewed as protecting the individual, not just as complying with regulation. By considering the privacy of your customers, employees and other stakeholders, you show that you care about their privacy and will retain their trust. Data protection is an operational challenge as much as a technical challenge. We help clients to define what their data handling processes should be and help invent innovative ways of implementing them across the business. We will help to create the necessary documentation, but our main target is to improve the way data is managed day to day so that all employees are confident in applying the data protection principles in their roles and therefore protecting the privacy of the individual’s they deal with.
Some of the key things to consider when addressing data protection within your organisation are:
Identifying your data flows – this is an important step in being able to identify where the risk is within your business, both from a security perspective and a data misuse perspective. There is some interesting technology that can help with this depending on the nature of your business.
Data Protection Impact Assessments (DPIA) – A DPIA is similar to a risk assessment and should be conducted every time you introduce a new way of processing data. This might be using a new third party, offering a new service, changing to a new IT system, branching out to a new type of customer etc. A DPIA helps you assess the impact of your action on the individual. We can provide templates tailored to your business and coach you through the most effective ways of conducting a DPIA.
Privacy Notices – A key part of data protection is allowing the individual’s to make their own decisions regarding their data. In order to do this, they need to be informed about how you are processing their data. There are lots of different ways to do this, so this is where we can get creative!
Third Party Management – as with any branch of risk management, third parties must be carefully managed to ensure they provide the same level of protection to personal data as you do. It is important to have the right contracts in place and to check those contracts are being acted upon.
Breach management and notification – How you act when things go wrong will have a huge impact on your reputation, not to mention any legal requirements of timely notification. Having a well thought out breach management process in place can give guidance and structure when you need it most.
Training and education – One of the most effective ways of improving your data protection is to make sure your people have the knowledge and motivation they need to handle personal data in the right way. Our training sessions are workshops can help senior level and operational employees to understand the importance of data protection in our current society and give them easy, practical ways of managing personal data in their everyday roles.
Our preferred way of working with you:
|Understand your current business processes, see how you operate so that any new processes can fit seamlessly into your business.|
|Design straight forward data protection processes and implement into your every day business practises.|
|Record your data protection policies and activities in a simple, single document that will allow you to demonstrate your commitment to your stakeholders and your compliance to relevant regulatory bodies.|