Hello, hope you have had a good and if you are in the UK, short, week.
During the course of my work I come across many instances where companies require me to help them with the data protection element of their due diligence when looking to engage suppliers, particularly if its in relation to a bid on a significant contract and they are having to contract in additional resources.
There are still more than a few companies out there that are either blissfully ignorant of their need for compliance or mistakenly think that certain elements of data protection law don’t apply to them that do, or they think that they are too small an organisation to have to worry about such things or are ‘under the radar’ as the ICO focus on bigger organisations. Not so.
It might however not be any of those things it might just be the fear that it will cost a fortune and that with a squeeze on finances, especially if affected adversely by the Pandemic, that something has to give and it’s just a question of priorities.
Please don’t think I’ve been sniffing paint when I say this but you don’t necessarily need someone like me to help you comply if money is tight. Don’t get me wrong, if you do have the money then it’s ALWAYS a better idea to hire a professional (ask anyone who has tried their hand at a bit of DIY plumbing and spectacularly failed with expensive consequences).
However, when it comes to data protection compliance and data security there are free ‘official’ resources and guidance out there as doing something is better than nothing and you will get short shrift from the regulator if you suffer a data breach which could have been prevented by taking a few steps and having some good governance in place which you should be doing as a business or organisation anyway to be fair.
So, here are some links to some of the resources provided by the regulator the ICO and also by the UK Government’s National Cyber Security Centre.
Do yourself a favour and make some time to look at them, here’s some links to start you off;
Remember, work on your 3-Point Plan;
1. Where is my data coming from?
2. What do I do with it whilst I am in possession of it?
3. What do I do when I’ve finished with it?
Also referred to as Pseudonymization, is the personal data processing so that the data can no longer attributed to a specific data subject
Click Here To Find Out More About How We Can Help you with Data Protection
Just a gentle reminder that you could get a professional in for just 66p a day if you haven’t already, something to think about?…..Have a great weekend and talk again soon!