My Data Protection Diary: Dear Chief Executive, this session is for you!
It’s nearly time to say goodbye to August ... one of my favourite months, where the sun is shining, and the temperatures are close to the highest thresholds reached in the UK, though you wouldn’t necessarily realise that from the last few weeks.
Pen in hand and mind full of ideas, after an interesting meeting with Kellie on a topic very close to many of you, I am ready for this new page of my Diary ... dear Chief Executive, this session is for you.
The pandemic and restrictions of the last year and a half have led to the reorganization or opening of new businesses, so new plans, and budgets to help you achieve them, wow!
And how many start-up founders have thought about data protection?
How many of you have reserved a portion of the budget for this? Yet data breaches have increased rapidly this year, not to mention Subject Access Requests (SAR). And you, have you thought about how to protect your company from cyber-attacks? I know, there are other priorities for your budget. But scroll down and you'll find simple tips that can help you keep your data safe.
Let's make a small introduction that can help you understand if data protection is essential for you or not, as often one of the statements I hear is: 'But my business does not need to worry too much about data protection, I am self-employed...' Well!
- Do you collect information from your customers or from companies that you work with?
- Do you collect data from your suppliers?
- How do you collect data? Where are they stored?
- Have you created a website for your start-up?
Well, if even one question is answered with a “yes”... continue reading this diary page and get some more information for your business.
G.P.: Kellie, being the CEO of Databasix, what are the essential steps that must be compliant with the GDPR? And what solutions would you propose?
K.P.: I love this topic... I'm sure it will be a useful session for many start-up founders.
Do you know what the GDPR is and why it is important to respect it? Here I am attaching a blog written by our team in which we explain how the GDPR works, why it is important to comply with, and what consequences you may face if you do not respect it. Whilst it may appear time consuming to figure out how to comply, if not respected it can become a large economic expense for your small business. And as we say in our team: 'Don't be late, because the GDPR doesn't wait'.
Once you are aware that the GDPR is something that affects you and the reputation of your company, I would suggest to you, dear Chief Executive, to do a careful analysis and understand what kind of data you handle. If personal information is involved, understand where it is stored and why you collect it.
After that, there are various processes that could be followed; it depends on your organisation. Usually the process starts with a data mapping exercise to identify risk areas within your start-up. (Want more information on data mapping? Download our handy infographic:
It’s also very important to train your team to understand how they should handle the personal data they come into contact with in their daily roles, so that they can keep it safe and secure. In smaller businesses, this can be even more important where individuals may wear more than one hat and access more personal data in different areas of the business.
G.P.: Yes, Kellie, it is really important to have the right behaviour in the treatment of data, not only yours but of your employees, suppliers and data that you collect through other channels such as the website.
I still remember how useful it was to attend the various GDPR training sessions, both the general one on data protection and the one on the marketing sector to get a better understanding of how it impacts my role. The GDPR can sometimes seem removed from the task at hand, but in reality, it’s always there and we need to think about how we’re using the data on a daily basis.
Kellie, what is the most common mistake that CEOs make when approaching data protection?
K.P.: Good question Giulia. Over the years I've heard CEOs telling me they didn't need to worry about data protection as it doesn’t really apply to them. Well, I naturally ask:
Have you created a website? Do you use sponsored promotions on your social channels?
Did you know that you need to have a Privacy Policy and share it via your website?
Well, the answer in many cases has been NO!
So, my top tip is to understand what personal data you process (and yes, this includes business contact details), evaluate the risk and then put measures in place to keep that data secure. Policies and processes will help your teams understand how you expect them to work with data and document your approach to keeping it safe.
We’re always on hand to provide support and can work within a range of budgets. And if it’s still very early days, and money is tight, keep up to date on what you need to know through our social media. Our team shares blogs, podcasts, newsletters, webinars and... so many other resources that can support you.
G.P.: Thanks Kellie for another interesting chat together.
I hope it was also useful for the founders of start-ups out there... data protection is not something to be ignored! Start-up as you mean to go on.
Don't be shy, hit our website!
See you in September!
Giulia xxx