Red Tape Busters Volume 8, Issue 09, `Data Protection’
Welcome to the June edition of Crab Insight
“That’s life (that’s life), that’s what all the people say. You’re ridin’ high in April, shot down in May. But I know I’m gonna change that tune. When I’m back on top, back on top in June.” Frank Sinatra
If as a business owner you need assistance getting back on top this month especially with Covid Secure Workplaces please take a look at:
Our focus in June falls on Data Protection. If you need practical help please do take a look at our solutions:
Claudia Crab’s June Focus
“We can only see a short distance ahead, but we can see plenty there that needs to be done.” Alan Turing OBE FRS computer scientist.
“There’s plenty there that needs to be done. Lets get on with doing it.” Elizabeth Denham, CBE UK Information Commissioner at the Information Commissioner’s Office (ICO)
Data protection law, at first sight, is complex and ambiguous full of unfamiliar terms and legal phrases. The ICO do their best to try to demystify this but like all regulators, they have to cover themselves when interpreting complex areas of law. They do not have the resources to give detailed bespoke guidance to all UK businesses.
If you process personal data, our top tip is that you will most likely have to pay the data protection fee, there are exemptions to this but they do not relieve you of complying with the law.
Essentially the law gives a number of data protection principles that must be followed:
- You must identify valid grounds (known as a ‘lawful basis’) for collecting and using personal data.
- You mustn’t do anything with personal data in breach of any other laws.
- You must use personal data in a way that is fair. This means you must not process it in a way that is unduly detrimental, unexpected, or misleading to the individuals concerned.
- You must be clear, open, and honest with people from the start about how you will use their personal data.
- You must limit the purposes for which you collect data and not use it for unspecified purposes.
- The personal data must be accurate, adequate, relevant, and limited to what is necessary.
- It shouldn’t be kept longer than is necessary (retention periods should be determined based on reasonableness/law).
- It should be protected by appropriate security measures to keep it secure and confidential
- You should take responsibility for what you do with personal data and for compliance with the principles
The big question this month is:
Why should my business be transparent in handling personal data?
Friday 11 June 2021
12 noon to 2 pm
Renewing Reputation Advocates