The UK GDPR states that we need to
make available Privacy Notices covering the data we collect and process, to allow the data subject to understand what we do with their information. It also requires that we maintain a Record of Processing Activities which is used to record the systems we use, the types of data, where and how stored, for what reason, and information on Privacy Notices and Data Privacy Impact Assessments as just some examples. These documents need to be regularly reviewed to ensure they are correct and up to date – if you are responsible for processing data, consider checking with your Data Protection team to ensure these important documents are up to date!
With most of us still regularly working from home, it is important to ensure we don’t become complacent with data.
If you work with hard copies of documents at home, you need to ensure that it is securely stored – the ideal situation would be to have a lockable cupboard to store work information in when not in use, but of course that is impractical for many of us, but we should be able to find somewhere to store this information out of plain sight, when not in use. It’s the same principle as a clean desk policy back in the office!
If you have hard copies and no longer need them, don’t just drop it into your household recycling bin! If you have the facilities, shred them first, or if not you could take them to the office next time you are there and dispose of them using the usual office facilities. Business and personal information could prove useful to somebody going through your bins!
When having virtual meetings where business or personal information may be discussed, it is good practice to try to keep the proceedings private – again, this can be difficult where family and friends are around the house, but try to attend these meetings in a room away from others if possible.
As I have mentioned before, smooth flow of data between the UK and EU relies upon the UK maintaining “adequate” protections of data in our laws. Currently the EU deems our protections adequate, but major changes can result in that status changing.
The DCMS held a consultation at the end of 2021 on “Data – A New Direction” to propose reforms to regulations, with the intention to reduce innovation barriers, ease data flow across borders, and reform the Information Commissioner’s Office. Unlocking the power of data is part of the UK government’s National Data Strategy. The consultation closed in November 2021 and responses are currently being analysed.
It is yet to be seen what changes to UK regulations may come out of this exercise, but we can be sure that the EU will be watching with interest!
Kevin Davies APP Cx Community Leadership Team