Why Data Protection Matters
If you employ staff, provide services or goods to individuals, customers, market to them, operate a charity, run a membership organisation, or operate CCTV, (to give just a few examples) then you will be involved in the processing of personal data and you will need to comply with the law.
Processing covers a wide range of activities such as collecting personal data, considering, or storing it, sharing it, or erasing or destroying it.
Personal data means information that relates to [is ‘about’] a living individual.
The law exists to prevent harm to individuals. It sets out how personal data should be processed to protect individuals from harm.
Getting it wrong can lead to complaints to you, followed by a complaint to the personal data watchdog- the Information Commissioner’s Office (‘ICO’), enforcement action (including potential ‘fines’) and even claims for compensation. Your reputation may also be affected.
Organisations, whether they are what the law refers to as ‘Data Controllers’ or ‘Data Processors’ are obliged to comply with the UK version of the General Data Protection Regulation (‘GDPR’) as well as the Data Protection Act 2018 when processing personal data. Other laws exist such as the ‘Common Law’ Duty of Confidence, the Human Rights Act 1998 and the Privacy and Electronic Communication Regulations (‘PECR’) of 2003 -concerned with the use of ‘Cookies’ in websites and electronic marketing to individuals.
As well as complying with UK law if you provide goods or services to individuals in Europe (or monitor their behaviour) then you will have to comply with the European GDPR. You may also need to appoint a representative for your organisation in Europe.
If you are an overseas organisation and you again offer goods/ services or monitor the behaviour of UK citizens, then you may need to appoint a UK representative. DPA/OK can perform this role for you.
DPA/OK can help you process personal data properly and in accordance with the law.
Information Security and data protection are different but linked. It is a requirement of the GDPR to keep personal data confidential, to preserve its ‘integrity’ and to ensure it is available for use when needed.
For an organisation to meet this requirement they should conduct a risk assessment. This process requires organisations to know what personal data (and other information) they hold and to recognise its sensitivity or criticality to the organisation. There also needs to be an assessment of what threats there are to that information, the identification of any security vulnerabilities within the organisation as well as the chances of something untoward happening and, if they did, the consequences. DPA/OK can help you with this process and the identification of any measures deemed necessary to do away or reduce risk.
DPA/OK is based in the West Midlands but advises organisations throughout the UK and overseas.
Click on the links above or below to find out more about us, the services we offer and how we can help you.
Please contact us to arrange a free no obligation telephone discussion.