Keeping people’s personal data safe is a key consideration for businesses. Almost every business will process personal data in some form or other – it could be employee data, customer data, or maybe you process data on behalf of another data controller.
As every single business is different, there is no one-size-fits-all solution to data protection compliance. Here are some of our top tips to help you along the way.
Know what you hold
Knowing what data you are collecting or processing is key to demonstrating compliance and is really helpful if you ever need to respond to a subject access request.
We would recommend undertaking a data audit and recording the types of information you hold and the categories of people you hold it for. This will not only help to shape your data protection policy but will be invaluable in responding to a data subject who exercises their rights under the data protection legislation.
Know why you hold it
Once you’ve established what you are holding, take a step back and ask why. Is there a valid reason for holding it or is it just because? The data protection regime sets out that data should only be used in ways a data subject would reasonably expect. Make sure to record the reasons for processing in your data audit.
Don’t hoard it!
Put simply, if you don’t need it, don’t keep it. Retaining data you don’t need can be problematic, firstly because you may not have any lawful basis to process it, and secondly because it probably won’t meet the requirement for data processing to be fair.
The data protection laws place an emphasis on transparency. You must tell data subjects what data you process, the reason for processing it, the lawful basis for processing it and how long you’re keeping it.
Once more, this will be much easier to do if you have undertaken a data audit.
Not sure? Just ask!
If data protection is playing on your mind or if you are not sure about something, get in touch and we will be pleased to assist.