Data Protection Day is here – time to review your policies?
31st January 2024 by Edwina Bones
You are forgiven if you are not aware that Data Protection Day falls on the 28th January of each year. The terms ‘GDPR’ still brings a shudder to certain people when it’s mentioned, or at least a nervous / disinterested nod.
Yet data protection is not going anywhere and if anything people are becoming more and more aware of their rights, and are increasingly likely to enforce them. So now is a great time to review your data protection notices, policies and agreements to reflect upon the way in which you currently process data and to generally ensure that you are compliant.
Businesses develop and adapt all the time. You may have launched a new service or engaged with new suppliers since you first prepared your data notices. You may be storing personal data in a different way. If the way you collect, handle and disclose personal information (whether the information relates to your clients, customers, employees, suppliers, contractors or anyone else) or the type of information you collect then please take the time to update your suite of data protection documents accordingly. This may be a case of making a few slight amendments to your existing documents or having to prepare a whole new collection depending on what changes have occurred.
Make sure that your processes are working as well.
Are you sending out the required notices to individuals setting out how you are using their data (such as new employees and customers) at the right time?
Do you have a system in place to deal with requests for individuals’ personal data and ensure that you respond within the given deadlines?
Do your staff need a refresher training session on how to look after the personal data they handle?
Compliance is an ongoing obligation.
You may also want to start your Spring cleaning early, getting rid of any personal data that you no longer have a reason to keep. Consider what you are holding and consider whether there is a genuine reason for needing to hold onto it.
Do you need to retain it for insurance purposes or in the event of an employee claim?
How long do your policies say that you will retain the data for?
Delete or destroy personal data where appropriate.
If you have yet to get to grips with your data protection obligations or do not have the requisite documentation in place then it’s not too late. Ignoring your legal obligations can not only lead to investigations, fines and bad publicity but it can deter others from wanting to work with or buy from you if they’re concerned about how their data is being used, held and protected.
If you need any assistance then please contact Edwina Bones at email@example.com or on 01202 377824.