My Data Protection Diary, 7th August 2020

Welcome back to my second blog, ‘My Data Protection Diary.’ Wow! I am glad to see you again!
Every day, I am excited to meet with Kellie, as I learn a lot about the data protection world. We talk about topics like Brexit, Black-List, Data Breaches, Subject Access Requests, etc. But we can talk more about these subjects later.

Today, I will tell you about my second meeting with our Data Rockstar. Are you ready?
It was amazing! After we met, I flipped through my notebook and I thought about the GDPR and its principles, the ICO, and everything else that I discovered during our session. Our conversation is below!

G.P.: Last time we talked about the General Data Protection Regulation (GDPR) and we discussed what it is. Today, I would like to go a bit deeper: what are the principles on which the GDPR is based? And who within an organization is responsible for it?

K.P.: Good question, Giulia! Let me explain clearly because these are the basics to understand data protection properly. The general GDPR principles are these six:

  • Lawful, Fair and Transparent
  • Purpose Limitation
  • Data Minimisation
  • Accuracy
  • Storage Limitation
  • Integrity and Confidentiality

A Data Protection Officer is the professional figure inside a company who ensures that the process to manage personal data complies with all six general principles.
This formal position is not always necessary in a business, but the company should still give the responsibility for data protection to one individual, often a nominated Data Protection Lead.

G.P.: Oh, thanks Kellie, it is extremely useful to understand what the GDPR is based on. But is there, by any chance, a “police” type of figure who checks if companies comply with the regulation?

K.P.: Yes, sure. The Information Commissioner Officer, or ICO, is the independent regulatory office in charge of upholding information rights in the interest of the public.
Every organisation that processes personal information must register with the ICO, who publish the names and addresses of those organisations, and the Data Protection Officer if they have given permission. They also include a description of the type of processing each organisation performs. If your organisation processes personal data, failure to register with the ICO is against the law. So, Giulia, yes, the ICO is like the police, the “data police”.

G.P.: Oh, now I understand how data protection is managed and regulated.

Finally, I would like to share with you a taste of my participation in the realization of one of our main products: ‘The GDPR Toolbox: Essentials’.

Due to the Covid-19 situation, the Databasix team created this product to help companies to adapt their businesses to the new circumstances. Smart working has been an intelligent way to continue their activities, but the data protection risks have increased. Working on this product and having these sessions with Kellie, I have learnt about the risks linked to different scenarios and how our Toolbox can support companies to avoid data breaches.

Are you curious to get more information? Well, follow me in the next ‘My Data Protection Diary’ episode. We will talk about the data protection risks raised during the pandemic. It will be interesting, do not miss it!

Hope to see you again in my next blog.


The information and remarks provided in this article represent insight and guidance for best practice which is correct or valid or appropriate at time of publication.
