My Data Protection Diary: Start the year with the top 5 tips to be compliant with the General Data Protection Regulation (GDPR). | Blog 2022


Welcome 2022, a new year, new goals and aspirations, and a new page of the data protection diary... so you don't forget the essentials for your data security portfolio to manage the privacy of your customers’ data!

Not everyone sets aside a portion of their budget at the beginning of each year to implement or overhaul their data protection system... and the most common response we hear is 'I did it last year, it's not necessary'!

It might not be necessary, if once you’ve read this diary entry, you’re confident that you’ve got everything in place across your organisation that I’m about to mention in our Top 5 Tips!
... this is where the first meeting with Kellie of 2022 begins: 'Kellie, today I have no questions about current issues, but only your recommendations for companies to start the new year in the best possible way.'

Ideas organised, and ready for our session!

K.P.: Here are my 5 essential tips for an organisation to comply with the General Data Protection Regulation (GDPR), and to reduce the risk of experiencing a data breach, scams, or large fines.

  • Make sure you are registered with the Information Commissioner's Office (ICO). So, whether you are a director of a limited liability company, a partner in a partnership, or a sole trader who runs his or her own small business, you need to check whether you need to pay the ICO's annual registration fee. If you process personal data as part of your core activities, you must register and pay the dues annually, unless you fall into the exempt category.

    If you want to get more information about whether or not you should register, please check here: https://ico.org.uk/for-organisations/data-protection-fee/self-assessment/

  • Make sure you have well-trained staff and that you’ve covered their responsibilities to keep personal data secure in their day-to-day activities. Researchers from Stanford University and a top cybersecurity organisation found that approximately 88% of all data breaches are caused by an employee mistake. Human error is still very much the driving force behind an overwhelming majority of cybersecurity problems. Investing routinely in regular training to make sure your staff are up to date on your expectations of them when handling customers' data is essential. Having your workforce trained on your data protection policies and procedures means that the company is likely to have high standards of processing information.

  • Make sure you have a clear procedure for dealing with scams. It is incredibly important to make sure that your staff can identify a phishing email, text message or phone call, and know how to promptly report them. Consider conducting your own fake phishing scam to identify how many staff are likely to fall prey to a scam. Speak with your IT team about the measures they have put in place to reduce the volume of phishing emails. We even hosted a free webinar on the subject, as we are concerned by the significant rise in scams that our clients were noticing; you can watch the recording here:
  • Make sure your actions comply with the principles of the GDPR... a good percentage of organisations fail to comply with the transparency requirement, potentially resulting in complaints from individuals and high fines to pay. Some of the highest fines of 2021 were handed out to those companies who weren’t transparent with their stakeholders or made it too difficult to find out the following:
    • how you handle their data;
    • why you collect data;
    • and where the data are stored.

Double-check your Privacy Policy to make sure it reflects your data processing activities. It is important that it is clear and understandable to anyone who reads it about how you process and handle their personal information. Don’t forget to include the purpose and source of any personal data you’re processing when you collect it from a third-party (e.g. data broker / publicly available source).

  • Following the pandemic, hybrid working is the new approach adopted by many organisations around the world. Now that you’ve changed your company’s approach to working, you’ve also updated your policies and processes to reflect your new approach, haven't you? The most common answer we hear is, 'Oops, no we haven’t updated our policies and processes yet'. Well, hurry, you still have time to do it.

    Updating policies and processes is important to ensure all your team know what’s expected of them in this new way of working. If you’ve implemented new systems to help support hybrid working, you’ll probably need to give that Privacy Policy another once-over as well. Make sure your policies are tailored to your business needs and GDPR compliant. In order for you to comply with the GDPR regulations on data processing whilst hybrid working, be sure to follow these steps highlighted in our helpful infographic: Data-Protection-Challenges-of-Hybrid-Working.pdf

G.P.: Thanks Kellie for the top 5 tips every organisation should follow to improve GDPR compliance.

Yes, 5 top tips like the 5 stars that you would like to receive from all your customers, right?

The 5 top tips are part of the quality process of your 5 stars... protect your data and your reputation and enjoy a 5-star review every time.

See you at the next session and if you have any questions on how to achieve a 5 star review for your data protection, please do not hesitate to contact me.

See you soon, Giulia xxx

The information and remarks provided in this article represent insight and guidance for best practice which is correct or valid or appropriate at time of publication.


Contact Databasix

Email info@dbxuk.com
Tel 01865 346080

Get Data Protection Services t/a Databasix
is a registered company in England & Wales.
Registration No. 15292208

Unit B Oakwood
Oakfield Industrial Estate
Eynsham
Witney
OX29 4TH

Supported by Business Resilience secured by OxLEP Business