My Data Protection Diary, 7th August 2020
Welcome back to my second blog, ‘My Data Protection Diary.’ Wow! I am glad to see you again!
Every day, I am excited to meet with Kellie, as I learn a lot of things about the data protection world. We talk about topics like Brexit, blacklists, data breaches, Subject Access Requests, etc. But we can talk more about these subjects later.
Today, I will tell you about my second meeting with our Data Rockstar. Are you ready?
It was amazing! After we met, I flipped through my notebook and I thought about the GDPR and its principles, the ICO, and everything else that I discovered during our session. Our conversation is below!
G.P.: Last time we talked about the General Data Protection Regulation (GDPR) and we discussed what it is. Today, I would like to go a bit deeper: what are the principles on which the GDPR is based? And who within an organization is responsible for it?
K.P.: Good question, Giulia! Let me explain clearly, because these are the basics for understanding data protection properly. The general GDPR principles are these six:
- Lawful, Fair and Transparent
- Purpose Limitation
- Data Minimisation
- Accuracy
- Storage Limitation
- Integrity and Confidentiality
A Data Protection Officer is the professional figure inside a company who ensures that the process to manage personal data complies with all six general principles.
This formal position is not always necessary in a business, but the company should still give the responsibility for data protection to one individual, often a nominated Data Protection Lead.
G.P.: Oh, thanks Kellie, it is extremely useful to understand what the GDPR is based on. But is there, by any chance, a “police” type of figure who checks if companies comply with the regulation?
K.P.: Yes, sure. The Information Commissioner's Office, or ICO, is the independent regulatory office in charge of upholding information rights in the interest of the public.
Every organisation that processes personal information must register with the ICO, which publishes the names and addresses of those organisations, and the Data Protection Officer if they have given permission. They also include a description of the type of processing each organisation performs. If your organisation processes personal data, failure to register with the ICO is against the law. So, Giulia, yes, the ICO is like the police, the “data police”.
G.P.: Oh, now I understand how data protection is managed and regulated.
Finally, I would like to share with you a taste of my participation in the realization of one of our main products: ‘The GDPR Toolbox: Essentials’.
Due to the Covid-19 situation, the Databasix team created this product to help companies adapt their businesses to the new circumstances. Smart working has been an intelligent way to continue their activities, but the data protection risks have increased. Working on this product and having these sessions with Kellie, I have learnt about the risks linked to different scenarios and how our Toolbox can support companies to avoid data breaches.
Are you curious to get more information? Well, follow me in the next ‘My Data Protection Diary’ episode. We will talk about the data protection risks raised during the pandemic. It will be interesting; do not miss it!
Hope to see you again in my next blog.
Giulia