Data Protection: Good Practice
We all know that good practice when it comes to Data Protection is important for all businesses. It is one of those areas where, if it goes wrong, it can go badly wrong. The damage to business reputation as a result of Data Confidentiality breaches can be severe. It can sometimes lead to negative media exposure and to follow-up action being taken by the Information Commissioner.
So it is recommended that from time to time every business reviews its approach to Data Protection and Confidentiality. Such a review should focus on compliance and check that day-to-day practice within the business is consistent with good practice principles.
We have helped many clients to adopt a good practice approach to Confidentiality and Data Protection. Some simple tips can really help in this area:
- Putting in place a clear simple Data Protection/Confidentiality policy and then sending a short annual refresher to remind staff about this;
- Nominating a lead person in the business to take overall responsibility for all Data Protection/Confidentiality matters;
- Ensuring that a focus on Data Protection/Confidentiality is reinforced in relevant HR processes, e.g. recruitment, induction, performance review, training, exit processes;
- Checking that other business policies and systems reinforce good Data Protection practice, e.g. IT security, building security, technology encryption;
- Reviewing training needs for staff to ensure that understanding and awareness increases;
- Dealing swiftly with any potential breaches or areas of non-compliance;
- Implementing simple regular checks and mini-audits to test out compliance and good practice;
- Seeking further specialist advice for more complex Data Protection queries, e.g. Subject Access Requests.
The General Data Protection Regulations (GDPR) will apply in the UK from 25 May 2018. It is important that businesses prepare to meet the requirements of GDPR ahead of May 2018 and beyond. Tamar HR will produce further guidance over the coming months to help businesses with these important changes.
Our advice is not to view Data Protection as simply a compliance exercise but to think about the way Data Protection/Confidentiality is applied in practice in our day-to-day work. Taking proactive steps as set out above can help to promote a culture of awareness and strengthen the business in this important area.