]If you’re melting in this hot weather like I am, let’s not get hot and bothered trying to take in everything happening in the world of Data Protection (DP). Let’s concentrate on data protection basics – some no frills pointers to help you get to grips with your data protection.
There have been so many twists and turns in the world of data protection legislation over the past few months and years. On top of GDPR in 2018 we’ve had Brexit and the (UK)GDPR, the Schrems II decision marking the end of Privacy Shield, the new Standard Contract Clauses (SCCs), and the recent UK adequacy decision (although how long it lasts remains to be seen).
So many of my colleagues in DP write brilliantly about all of these issues and there’s not much I can add, so this week in my blog let’s go back to basics. I’m currently working with clients who are struggling to know where to start with their DP compliance, so if you’re in the same position, keep reading!
In keeping with the hot weather and dreaming of being on the beach, imagine you try to grab the biggest handful of sand you can…. then, as you stand back up lots of that sand streams through your fingers until you’re left only with a much smaller amount of sand; only the amount you can cover over with your fingers and hold onto.
Knowledge is like that sand – there’s so much out there, but we can only hold on tight to so much of it. So I was thinking, if you could only hold onto one small handful of knowledge about DP, what would it be?
And it’s this… When it comes to handling personal data, it’s important to:
Say what you do,
Do what you say, and
Do it with integrity.
For me, these are the data protection basics. But for small and large businesses alike, it can be tough to know where to start. Based on this small handful of DP sand, I believe that a great starting point is a Privacy Notice.
A Privacy Notice (PN) is a document (usually found on an organisation’s website) that tells your customers and contacts how and why you handle their personal data. So as you draft your PN you have to get clarity on exactly that. You have to ask yourself:
‘What are we doing with people’s data, and why?’
Part of the “why” is identifying your legal basis for doing that particular thing with those people’s data. So you’re also forced to be clear on that, which can be a much bigger and more complex question than it might sound.
So the next question is ‘How do I write a Privacy Notice?’ The fewer ways you use data , the simpler your PN will be. It doesn’t have to cost you anything more than your time, as you can use the ICO guidance to draft it yourself for free.
On the other hand, the headache-free way is to use our CP Data Protection PN template, designed especially for small businesses and charities, which is reduced from £102 to only £40 for the whole of July and August.
Like all of our documents it’s in clear, plain-English. We’ve added lots of useful comments down the side to help you fill it in, and it also acts as guidance for your organisation, by explaining the data protection basics you need to consider when handling personal data, and how to do it lawfully.
As an added extra, you will have the chance to attend a FREE webinar in October that will be a step-by-step walk through of filling in your unique PN. So, with the PN template in front of you, you could have completed the first draft of your organisation’s PN, within an hour!