My Data Protection Diary: Welcome 2021!
Happy New Year everyone... and welcome back to my first instalment of 2021!
I’ve been looking forward to bringing you some news from the world of data protection!
I decided to dedicate the first page of my diary with some personal reflections on my experiences in the last two months.
2020 was a year full of changes for companies and for us employees... Remote working has become a new way of life: in fact, I never imagined writing this first part of my blog sitting at my desk in Italy.
After almost a year of working in the Databasix team, I had few thoughts on the various risks associated with smart working, which would have been challenging to overcome without the insight that I now have on data protection.
Hence my topic for the first page of my Data Protection Diary.
My inspirations have arisen from my daily life. We often look elsewhere, but do not dwell on the reality closest to us... And, thinking of my own experience, I wondered how many people like me share a home with friends, acquaintances or work colleagues. And I wondered how many people work or have worked from another country, for companies based in England. Reflecting on this, my thoughts jumped to think about how much risk our data is subject to if companies and employees do not carry out appropriate processes and behaviour.
Well Kellie, I'm ready for this virtual session with you!
G.P.: From my first lessons with you, Kellie, I learned that systems, processes, and human behaviour are critical to the protection of our data. Which are the biggest risks for people sharing their home with other acquaintances and friends? What are the greatest risks for employees who are working remotely from a country other than England?
K.P.: Interesting question. Let me answer your first question. Many employees, like you Giulia, share their home, using common places to work.
Working together is certainly enjoyable, but let's reflect on a typical working day. To share your ideas or material with your team, you use calls, virtual meetings, or emails.
During virtual meetings or calls, the exchange of information (data) between you and your team or manager is also shared with other members of your household if they’re in the same room. Also, getting up and leaving the computer on allows housemates to read emails or confidential information containing sensitive data. Keeping to good ways of working, such as locking computers when you leave them or using headphones for calls, helps to prevent inadvertent disclosure of information.
In addition, your organisation's use of secure information exchange software is essential to keep the data on your laptop safe. As important as the software are the various processes within your company: updating passwords, regular data backup and access control.
Having staff trained on data protection in relation to your sector reduces many risks and leads to appropriate behaviour in relation to the type of data that is processed.
As for employees working in a country other than the UK, I would add another risk to those listed above. Since 01 January 2021, when the UK left the European Union, when working abroad, your data is transferred from the EU to the UK or vice versa. Your company should have reviewed its processes and guidelines to be ready for this change. If it has not done that yet, there are still a few months to get up to speed – our handy checklist on our Brexit Infographic may help! (To download our Infographic: https://www.dbxuk.com/infographics )
I conclude this reply Giulia, by suggesting to all organisations that they implement flexible and safe remote-working controls!
G.P.: Incredible to realise how many risks can be run if we do not have adequate information on the world of data security.
Returning to the previous answer, Kellie, and dwelling on the importance of appropriate behaviour by individuals in the processing of information, I would like to leave a thought on this new page of my diary. As an expert in the Marketing sector, before working with Databasix, I never paused to think if my work respected the personal data rights of my customers. By participating in some Databasix training, I realised that it is all too easy to make a mistake, and not comply with the GDPR, rather than respecting its principles.
Kellie, in fact I was wondering, what is the risk for organisations that do not invest in training for their staff?
K.P.: Training for staff in relation to their various roles (HR, data protection officer, marketing etc ...) gives the company informed employees, aware of the importance of organisation and customer data. Staff are aware of and prepared to follow clear business processes, which are compliant with the GDPR, as well as adopting best practice behaviours that reduce the risk of human error. The number of data breaches is growing and often they are the result of human error. I recommend that all organisations implement a regular training programme for their employees, because training can avoid or mitigate the impact of a Data Breach. To put it another way, the cost of training is a lot, lot less than the cost of a Data Breach!
G.P.: Thank you so much Kellie. I have one last question before concluding our lesson. What is the greatest risk for organisations caused by human error during smart working?
K.P.: Timeliness. Let me explain what I mean. Human mistakes during a working day are a reality... anyone can make them. But understanding the risk behind the error and knowing the possible solutions helps you to fix it, or even avoid it in the first place.
An email containing your company's confidential information, accidentally sent outside your organisation can cause serious harm.
If you do not let your manager know, you are not giving them the opportunity to assess the seriousness of the breach. The GDPR stipulates that depending on the severity of the breach, the data controller has 72hrs to notify the ICO of a breach.
So, effective and regular staff training, that provides practical advice for the whole team on how to approach these concerns is really important.
G.P.: Thanks Kellie for explaining some examples of risks that can be encountered in the daily 9-5!
From my experience I can only say that the Databasix training courses I’ve been on have expanded my vision from a marketing point of view, giving me relevant insight for my role in supporting my team’s compliance with the GDPR. I do not find these sessions limiting for my work... on the contrary, this training has only made my work better and more efficient.
After years of study, I have learned that everyone seeks quality in products and services to meet their needs, and those of their clients and customers. Therefore, I would prefer to dedicate my time to building relationships with customers so that their expectations are met or surpassed, rather than relying on a large mailing list where individuals don’t engage with our content.
It’s been a pleasure to share my first diary entry of 2021 with you. I hope to meet some of you at the next Training session with Kellie.
See you soon xxx
Giulia