Data protection and privacy have a mythical power to make us all cringe with fear. But they're not as scary as we think. Yes, changes are coming: an overhaul of the EU data protection laws is likely in the next few years, but there's no need to panic just yet. Better to get your house in order now, under today's legislation, and then turn to the new rules when they come into force. You've got plenty to do now, so get your ducks in a row first.
Every firm is different and every process is different, so every policy will be different. But the law is the same for everyone. The Data Protection Act 1998 sets out the rules that have to be followed; the Information Commissioner's Office (ICO) enforces it and publishes guidance. This blog doesn't constitute legal advice, but it offers some top tips for data protection and privacy to get the wheels in motion.
Keep data secure
To start with, make sure all personal data is kept secure, accurate and up to date. Data in spreadsheets is easily misplaced or sent to the wrong person (we see it in the news all the time), so it's better to have a more formal mechanism, like a CRM system, to keep data secure. A solution like Lexis InterAction, with its secure log in, automatic unsubscribes and bounce backs, electronic communications data security and mailing preference management, is a great way of underpinning your data protection policies and ensuring privacy statements are enforced. Bear in mind that a system supports a policy rather than replacing it: you still need to decide who may access which records, how that access is removed when someone leaves, and how long data is retained before it is deleted, and write those decisions down.
Follow the 8 principles of the Data Protection Act
The 8 principles of the Data Protection Act 1998 (DPA) are a data handler's bible. Follow each principle step by step and you won't go too far down the wrong path. For example, personal data must be processed fairly and lawfully; be adequate, relevant and not excessive; be accurate and kept up to date; not be held for longer than necessary; be protected by appropriate technical and organisational measures; and not be transferred to a country outside the European Economic Area unless that country ensures an adequate level of protection. The ICO publishes the 8 principles in full.
Under the DPA every organisation or sole trader processing personal information MUST notify the Information Commissioner unless they are exempt; the ICO explains the exemptions and how to notify. While we're on the subject, a written data protection policy is not a requirement of the DPA. However, drawing one up is good practice: it ensures a systematic approach and means the knowledge doesn't walk out of the door when the person who handles data protection moves on.
Don’t violate privacy
It's not just how we store and manage data; the Privacy and Electronic Communications Regulations (PECR) also need to be complied with, and that includes spamming. We all know we shouldn't spam people, but you'll be surprised at how many companies do it without being aware that they are: in most cases, marketing emails and texts may only be sent to individuals who have given prior consent, and every message must identify the sender and offer a way to opt out. The ICO offers a guide to privacy and electronic communications. Make sure you check it out.
Hopefully this blog has shown you that data protection and privacy isn't a big scary monster, more like a cute kitten with a bit of an attitude problem. Once you know how to handle it and get your house in order, it's not as bad as everyone thinks. BUT it isn't something to be ignored: the ICO can impose monetary penalties of up to £500,000 for serious breaches, and the damage to a firm's reputation can cost more than the fine.