Data Protection/GDPR Compliance News
- qedworks1
- Oct 18, 2023
ARE YOU FULLY COMPLIANT WITH DATA PROTECTION LAWS? ARE YOU WORLD CLASS?

The world celebrated International Day for Universal Access to Information on 28 September. Good-quality, safe information and data are essential. And being able to access data is a right shared across most of the globe.
Are your Data Protection policies in world class order?
Could you, your organisation and your staff & volunteers pass a Data Protection test in the following four critical areas of processing, namely:-
1. Legal Justification
2. Organisational and Technical Security
3. Key Responsibilities
4. Privacy Rights
Specifically, how would you classify your answers to the following 17 questions using the traffic light approach below?
Green = Fully Met
Amber = Partially Met
Red = Not Met
1. Legal Justification
Green/Amber/Red?
· Do you know what information is being processed and who has access to it?
· Is there a legal justification for the data processing activities?
· Is there clear information about data processing and legal justifications within your existing data protection and privacy policies?
2. Organisational and Technical Security
Green/Amber/Red?
· Is data protection taken into account at all times, from the moment you begin either offering an employment opportunity and/or developing a product or service, to each time you process data?
· Do you encrypt, pseudonymize, or anonymize personal data whenever possible?
· Have you created an internal security policy for your staff and built awareness about data protection?
· Do you know when and how to conduct a data protection impact assessment, and do you have a process in place to carry it out?
· Do you have a process in place to notify the authorities and your data subjects in the event of a data breach?
3. Key Responsibilities
Green/Amber/Red?
· Have you designated someone responsible for UK GDPR compliance across the organisation?
· How do you draw up and subsequently sign off data processing agreements between your organisation and any third parties that process personal data on your behalf?
4. Privacy Rights
Green/Amber/Red?
· Is it easy for your customers/clients/service users to request and receive all the information you have about them?
· Is it easy for your customers/clients/service users to correct or update inaccurate or incomplete information?
· Is it easy for your customers/clients/service users to request to have their personal data deleted?
· Is it easy for your customers/clients/service users to ask you to STOP processing their data?
· Is it easy for your customers/clients/service users to receive a copy of their personal data in a format that can be easily transmitted to another company or organisation?
· Is it easy for your customers to object to you processing their data?
· Do you have a procedure to protect the privacy rights of people about whom you make decisions based on automated processes?
Your results? – How many Green/Amber/Red from the 17 questions above?
Green? = /17 Fully Met – Carry out an annual review
Amber? = /17 Partially Met – Organise training and an update audit in areas of concern
Red? = /17 Not Met – Organise training and a complete audit
We can help you with training and/or consultancy advice in:-
· UK Data Protection/GDPR
· Privacy Electronic Communications Regulations (PECR)
· A to Z Data Processing Audits
· Privacy Impact Assessments
We turn a potentially dry and dusty training session into a lively memorable event with:
· “You the jury” verdicts on real life case studies
· Quizzes to spot the 10 most common mistakes
· Step by step self-analysis
· Problem Sharing and Problem-Solving exercises
· Reminders about how Data Protection Law is linked to all aspects of other Employment Laws and Customer Care Service Standards
· Templates for policies – no need to reinvent the wheel!