Free Resources
click the buttons to access, or scroll down for the blog
Downloadable checklists
YouTube videos - short videos & full webinars
CP Data Protection Channel – click here to subscribe!
Why bother with data protection?
Using your Email database lawfully
When & where to consider data protection in new projects & policies
How to identify data-related risks to people
How to monitor your risks (& controls)
Are your Board members doing these risky things?
“Golden thread” data requirements for Housing Associations
Purpose & Data Alignment Webinar – Use customer data to build trust & fulfil your social purpose
Free 15-min quick question call
The Buzz - free online group for social housing (& similar sectors) DP chat.
The Hive - free online group for social housing DPOs.
The CP Data Protection Blog
Some thoughts and advice on issues in the Data Protection world, and sometimes straying into other Information Governance topics.
The role of the Data Protection Officer (DPO): From Blocker to Builder
Data protection law is often viewed as a necessary evil, and a lot of ‘red tape’. But this doesn’t mean that data protection officers (DPOs) and other professionals in the field of data protection should be seen in the same light. Instead, Luke Beckley and Clare...
GDPR can be your biggest asset in digital transformation, not an obstacle
Digital Transformation can improve customer experience, reduce costs, and drive sustainable growth. It's not easy, though, with so many moving parts and opportunities for things to go wrong. But there is something that many people see as an obstacle, that with a...
Supporting colleagues through menopause while respecting their privacy
More organisations are talking about supporting colleagues through menopause, which I believe is mostly a positive move, but I am worried that some of the support will inadvertently lead to privacy breaches, which I'll explain below. So I pulled together some research...
[Video] How to support colleagues through menopause, while respecting their privacy
Get the most value from your projects; solve the Purpose Paradox by asking 3 questions
When EDI meets privacy
With National Inclusion Week 2022 coming to a close, what will your organisation continue to do to support inclusion in the workplace? Thoughts often turn to workshops, diversity champions, EDI statistics (Equality, Diversity & Inclusion), and so on. These require...
Social Housing Providers: Are you ready for the RSH TSM data collection?
The Regulator of Social Housing (RSH) recently published the final list of Tenant Satisfaction Measures (TSM) questions, that social housing providers have until April 2023 to get ready to start collecting data for - just over 6 months. I can imagine the stress and/or...
Why Data Purpose is Crucial – guest slot on “Get Data Done” on YouTube
Our Director & Consultant, Clare Paterson, was thrilled recently to be asked to join Phil Husbands of Truly Intelligent Business on their YouTube channel, Let's Get Data Done, to talk about why data purpose is crucial. After talking about why it's crucial for...
Customer insight in social housing: How to repurpose data safely & lawfully.
Customer insight Customer insight in the social housing sector is a key aim amongst many housing associations; we want to better understand our customers and better serve them. However, in a recent discussion about repurposing and combining data in the social housing...
Domestic CCTV and social housing tenants
There is (understandably!) a lot of confusion around the use of domestic CCTV, including the cameras fitted in 'Ring' doorbells and similar systems, especially when those cameras are used by social landlord tenants, which can be compounded when the footage is used as...
Data Quality; how to ensure your data is good quality (1 min. video)
In under 60 secs we identify the 3 pillars of good quality data, to support your decision making and help you fulfil your organisation's purpose.
How to respond to SARs (& make SARs less stressful)
If you're anything like me, when I was working in-house doing Data Protection at a large Housing Association, you let out a sigh whenever a Subject Access Request (or SAR) hits your desk. Especially if it's taken a number of days, or even weeks, to get to you, leaving...
How to identify process-based risks in your DPIA; a checklist
In the last article about Data Protection Impact Assessments (DPIAs), we explored three techniques to help identify the ways people could be impacted by your planned processing, as part of the risk assessment part of a DPIA. In this article we'll look at the...
How to identify data related risks using your imagination
In the last article about Data Protection Impact Assessments (DPIAs), we explored what a DPIA should include, based on the requirements laid down in the (UK)GDPR. Here we'll discuss how to identify data related risks using your imagination. In brief, a DPIA should...
Data Protection Day – what’s it all about?
So every 28th January is Data Protection Day...but you would be forgiven for thinking "So what?" "What is 'Data Protection Day'?" Or "What is 'Privacy Day'?" as it's sometimes known. And "why is it important?" If you don't consider yourself as being in the data...
What is a DPIA? (Data Protection Impact Assessment)
Did you receive a text recently, apparently from the NHS, telling you that all adults need to receive the Covid booster? You might assume all the data related issues were worked through before the text was sent, perhaps in a Data Protection Impact Assessment (DPIA)....
RSH Sector Risk Profile 2021
Published in the month of Halloween, does the 2021 Sector Risk Profile from the Regulator of Social Housing contain any scary surprises? To be fair, as it's about risks, it's all pretty scary. But what does it say about data protection risks? One welcome surprise,...
How to remove data protection related barriers in projects
Are you frustrated by the obstructions being put in your way and hoops you're being asked to jump through in the name of data protection or information governance? Do you want to remove the data protection related barriers in projects? Do the processes feel like too...
Could your housing association have a data breach?
As a housing association leader or board member, how well do you know the chances of your housing association having a data breach? In this post our director, Clare Paterson, draws on her sector experience and expertise to explore the risks of a data breach in social...
3 steps to setting objectives in the social housing sector
Sometimes it feels like there are never enough available hours, days or weeks to achieve everything we set out to do. Following the recent media focus on poor quality social housing, we look at the 2020/21 Regulator of Social Housing (RSH) Consumer Regulation Review,...
Good quality data; how to invest in good quality data
Every piece of data you are holding has a cost; a financial cost to your organisation, and/or an environmental cost to the planet. In this article we'll explain those costs and explain how to invest in good quality data instead. If data is stored electronically on...
A guide to website Cookies
If you find the rules around website Cookies and Cookie pop-ups confusing and frustrating, you are definitely not alone. This is a quick run-through of what you need to know if you manage or own a website, with no overly complex technical or legal jargon. In summary,...
What are the benefits of good data protection?
Here are 5 business benefits of following robust data protection practices and governance:
Increase efficiency
Build customer trust
Reduce risks of harm to customers
Prevent discrimination
Protect your resources, both time and money
How to build a data protection governance framework
Housing Associations have access to valuable and potentially sensitive data about the people who live in your homes. Properly managed, that data can help build customer relationships based on trust, and bring your purpose and values to life. Do you know how your...
3 risky things Board Members do with their emails
Are your Board Members or Trustees doing any of these 3 things with their emails, which are a risk to both your resources and relationships? 1. Using their personal or day-job email addresses for board related work. What's the risk? If the external email...
How to manage data protection risks when buying software
Terrible Software Contracts This is a topic I've touched on in my last two blog posts, but as I keep seeing more terrible* contracts from software firms, I wanted to write in more detail about how to manage data protection risks when buying software. *Terrible for the...
What is Data Protection Governance & why is it so important?
We all remember the GDPR rush of 2018, when organisations raced to collect consents for marketing emails and publish updated Privacy Notices before the new data protection legislation – GDPR – came into effect on 25th May 2018. We were all focussed on getting our data...
The Connection Between Data and Protection
Have you noticed a disconnect recently, a lack of the connection between 'data and 'protection'? If you work in social housing, have you noticed how much 'data' is being talked about in the sector at the moment? Data transformation projects, data analysis data,...
Data Protection Basics – a handful of sand
If you're melting in this hot weather like I am, let's not get hot and bothered trying to take in everything happening in the world of Data Protection (DP). Let's concentrate on data protection basics - some no frills pointers to help you get to grips with your data...
Sending Emails Lawfully – How to comply with PECR & (UK)GDPR
How to carry out a DPIA or Risk Assessment – an Overview
Over the past month in our blog posts, we've talked about the risks linked to personal data, and its use (or misuse): how and when to identify and assess the risks, how to control them, and monitor them, and the all-important steps to take when your colleagues have...
Monitor risks and controls – DP Risk Assessments
In the last blog we looked at Controls & Conflict in DP Risk Assessments, and how to handle the reality that you may get pushback from the project team or from elsewhere in the organisation. You can read it by clicking here. Today we're looking at how and when to...
Guide to service emails Vs marketing emails
Controls & Conflict in DP Risk Assessments
In our last blog post we talked about brainstorming to identify risks, and how to measure the risk, when assessing data protection related policies and projects. Click here to read it. This time we're looking at appropriate controls for the risks you've identified,...
How to carry out a Data Protection Risk Assessment
In our last post - click here to read it - we talked about the types of project and policy work where data protection should be considered, and where to get prompts included in the right places - the right paperwork and meeting agendas especially. Now let's explore...
When and where you should consider data protection in new projects
In our last blog article we talked about how important it is to "bake in" good data protection practices to a new policy or project, because it's painful trying to add it as an afterthought, in the same way as you can't easily make fruit scones without adding the...
Privacy by Design – What have raisins and data protection got in common?
As lockdown eases, our Director, Clare Paterson, has enjoyed scones in the garden with family. And because data protection is never far from her mind it struck her that the scones represented a great metaphor for what the ICO refers to as “Privacy by Design”. Clare...
Welcome!
Welcome to the CPDP Membership - post below to say hi and introduce yourself. We'd love to know what's your biggest challenge with data protection, and hopefully we can help!
When is a GDPR breach not a data breach?
Is there a difference between a “data breach” and a “GDPR breach”? The phrases are often used interchangeably, but it’s struck our Director Clare Paterson that sometimes people actually mean two different things and it’s leading to confusion. So here she explains the...
A guide on using email addresses in the housing sector
The main points of this post are available in a video - click here to view the 4 minute email marketing video. With literally thousands of customer email addresses at their fingertips, it’s easy for housing providers to think that a quick email to everyone about their...
How Brexit affects GDPR and the one thing Housing Associations need to do next
The end of 2020 was monumental in terms of the UK exiting the EU, with Christmas Eve seeing an agreement deal following 10 months of negotiation and then New Year’s Eve marking the end of the transition period. With the UK adopting UK GDPR (which is essentially the...
Social Housing – New Data Requirements
Social HousingNew Data RequirementsFOUR THINGS HOUSING ASSOCIATIONS NEED TO DO IN 2021 TO PREPARE FOR NEW DATA REQUIREMENTS With many housing organisations only just getting to grips with GDPR, it may seem like data management might have had it fill of changes for a...