
Archive

Data protection

Data protection – pt.2 building your audit routines

Posted on: October 22nd, 2021 by Ginny Hallam

Last week we provided you with the initial building blocks for your data protection audit routines – below is the second instalment. 

Training – a key element in creating a culture conscious about data compliance. Your audit routine should confirm that everyone has had the relevant training (along with regular refreshers and records kept) so they’re up to speed with your policies, practices and what’s expected of them. We can support with data protection training – find out more.

Impact assessments – have you introduced a new computer system or marketing platform? You’ll need an impact assessment. Our data protection toolkit has extensive guidance for impact assessments – find out more.

Data subject access requests (DSAR) – maintain a DSAR log to ensure they’re being recorded and responded to appropriately. Keep track of deadlines, follow-up actions and any requests you’ve made of the individual (requests for ID and admin fees, for example).

Privacy notices – they’ll need to be a regular feature in your audit routine to ensure they keep pace with your data processing practices and you’re communicating any updates necessary. You’ll find what you need in our previous updates.

In our next update, we’ll explore what great data protection training looks like.

Get in touch if you’d like to access our Data Protection Toolkit or need support carrying out an audit of your data protection practices. 

 

This update is accurate on the date it was sent (27 October 2021), but may be subject to change which may or may not be notified to you. This update is not to be taken as advice and you should seek advice if anything contained within affects you or your business.

Data protection – building your audit routines

Posted on: October 19th, 2021 by Ginny Hallam

Taking a proactive and consistent approach to your data compliance routines ensures you’re keeping a handle on the data you hold throughout the year. Below are our thoughts on the key building blocks for your audit routine.

Accountability – having someone in the business accountable for data protection will help to drive audit routines and build a culture conscious about data compliance.

Personal data register (PDR) – a requirement if you have over 250 employees, but highly recommended if you don’t! A well-maintained PDR will underpin your audit routines giving you a clear picture of all the data you hold and what you do with it. We’ve got a PDR template in our Data Protection Toolkit – find out how to access.

System security – employees should only have access to personal data necessary to fulfil the requirements of their role. Regular reviews of the safeguards you have in place will reduce the risk of unauthorised access and highlight where extra security measures might be required.

Third-party processors – review any agreements you have in place to ensure they’re up to date and still relevant.

We’ll provide pt.2 of our audit routine building blocks next week. Get in touch if you’d like to access our Data Protection Toolkit or need support carrying out an audit of your data protection practices. 

 

This update is accurate on the date it was sent (20 October 2021), but may be subject to change which may or may not be notified to you. This update is not to be taken as advice and you should seek advice if anything contained within affects you or your business.

Data protection – pt.2 is your privacy notice up to date?

Posted on: October 13th, 2021 by Ginny Hallam

Last week we shared our initial thoughts on how to ensure your privacy notices keep pace with your data processing practices. Below is pt.2 on what your privacy notices need to cover…

Sharing – if you need to share personal data with third parties, clearly explain why and what they’re going to do with the information (and how they’re going to keep it secure).

Transfer – post-Brexit the European Commission provided an adequacy decision meaning rules on transfers of personal data between the EU and UK are unchanged. That said, your privacy notice will still need to call out if you transfer data outside of the UK, where to, and the legal basis for the transfer.

Rights over data – clearly explain individuals’ rights in respect of the data you collect and how they can exercise them including access, deletion, correction, or withdrawal of consent.

Complaints – explain who to contact if individuals have any queries or concerns along with their right to contact the Information Commissioner’s Office (ICO) if they’re unsatisfied with your response.

Keep your privacy notice simple and straightforward, and use real examples throughout to present the relevant detail in a user-friendly and meaningful way. Make sure you communicate whenever you’ve updated your privacy notice. If you need our support, get in touch.

 

This update is accurate on the date it was sent (13 October 2021), but may be subject to change which may or may not be notified to you. This update is not to be taken as advice and you should seek advice if anything contained within affects you or your business.

Data protection – is your privacy notice up to date?

Posted on: October 7th, 2021 by Ginny Hallam

Your privacy notices need to keep pace with your data processing practices. Regular reviews ensure you’re being proactive with your privacy notices – below are our thoughts on what to look for:

Processing – are your purpose and legal basis for processing personal data still relevant and accurate? If not, you might find yourself unable to lawfully use that personal data if your new practices are incompatible with your original purpose.

The data you collect – new behaviour tracking on your website, who’s opening what newsletter – if you’ve introduced new data collection practices that aren’t in your privacy notice, update your notices to reflect them (as well as any new categories of personal data you’re collecting).

Timescales – you must not keep personal data for longer than you need it. If you now need to hold personal data for longer than your privacy notice states, you’ll need to update it with a clear justification as to why this is now the case.

Contact details – ensure your business contact details are still accurate, along with those for your data protection officer if you have one (because your core activities include regular monitoring of individuals, for example).

We’ve got more for you to consider in our next privacy notice update. Later in this series we’ll be looking at audit routines, training, contracts and policies.

In the meantime, get in touch if you’d like our support to ensure you’re being proactive in your privacy practices. 

 

This update is accurate on the date it was sent (7 October 2021), but may be subject to change which may or may not be notified to you. This update is not to be taken as advice and you should seek advice if anything contained within affects you or your business.