Month: August 2022
Data protection – pt.2 introducing new tech?
Our previous update provided a reminder of why it’s important to ensure you’re assessing the impact of new tech or contracts and what’s involved – here’s how to ensure data impact assessments are a prominent part of your processing practices.
Record keeping – The ICO (Information Commissioners Office) like evidence. If you’re on the unfortunate side of a data breach and ICO investigation, providing impact assessment records for new tech or processing practices will help you to avoid fines.
Training – ensuring your teams know how, when and why impact assessments are required embedding them as part of your data protection culture and making sure they’re being used.
Procurement processes – make sure you have a process in place so that the colleague ultimately signing off on the new tech investment or contract can check that an appropriate impact assessment has been done and actions followed up.
We can support you with the tools and training to ensure you’re creating and using robust data protection practices – get in touch to find out more.
This update is accurate on the date it was posted (24 August 2022), but may be subject to change which may or may not be notified to you. This update is not to be taken as advice and you should seek advice if anything contained within affects you or your business.
Data protection – pt.1 introducing new tech?
Thinking about introducing new tech or a contract where you or a third party are processing personal data? You’ll need an impact assessment!
Impact assessments are seldom used but are incredibly important (especially if you suffer a data breach) – here’s a reminder of what an impact assessment involves:
Identification – calling out the specific personal data your new tech or contract will be processing and how it’ll be used.
Security and safeguards – evidencing that you’ll ensure data isn’t processed beyond the purpose it was gathered, how it’ll be kept up to date, where (if anywhere) it’ll be transferred and how any potential risks to individuals’ privacy will be mitigated (restricting access, anonymisation, for example).
Action and follow-up – it’s one thing to identify potential data risks in your assessment, but a thorough and robust process will capture the actions needed to address or minimise those risks. Make sure you have a record of all follow-ups.
Our data protection toolkit contains a template impact assessment and guidance on creating robust data processing practices – get in touch to find out more.
This update is accurate on the date it was posted (17 August 2022), but may be subject to change which may or may not be notified to you. This update is not to be taken as advice and you should seek advice if anything contained within affects you or your business.
Avoiding holiday headaches
After August there may still be some employees who are sitting on holiday entitlement – here are a few suggestions to avoid holiday headaches as we progress through the year.
Regular reminders – if you often find you have a build-up in the final months of your holiday year, communicate early how you’d like employees to approach booking time off between now and then. Remember that time off is also a health and safety requirement under the Working Time Regulations so remind colleagues this is also an opportunity to rest and recharge!
Buy-back – provided it doesn’t take an employee below the statutory minimum of 5.6 weeks’ holiday, you can offer to buy back holidays if it’s proving difficult for employees to fit them in before the end of your holiday year.
Reluctant holiday-makers – perhaps the last resort, but don’t forget that you have the right to require employees to take holiday by giving them twice as much notice as the holiday you’re asking them to take (or whatever is in their contract).
If you need advice or support in managing potential holiday headaches, Intelligent Employment is here to help – find out how.