Are you frustrated by the obstructions being put in your way and hoops you’re being asked to jump through in the name of data protection or information governance? Do you want to remove the data protection related barriers in projects? Do the processes feel like too much red-tape?

Our director, Clare Paterson, has some clear and practical advice on how to remove the barriers by changing the way you engage your data specialists.

“The sooner you can start the process of involving your data protection or information governance colleagues, the better. If data-related risks aren’t queried until a project is about to go live, it can lead to a lot of very annoying unpicking and some hefty changes to be made.

On the other hand, if your data protection colleagues have a seat around the project planning table at the start, they can let the project team know what to look out for and how to avoid it, before decisions have been made, reducing the number of decisions that need to be un-made.

Project Benefits and Risks Test

There’s something even more effective though; running the idea of the project through a benefits and risk test (which includes data-related risks) before any resource is spent at all.

At CP Data Protection we call this the “So What?” Test. This includes asking:

1. What problem are we trying to solve, and is it a problem that even needs to be solved?
2. If it is, will this actually solve the problem?
3. If it will, is the cost and risk proportional to the problem?

It’s surprising how often it’s found there’s actually no real need for a particular course of action, just by answering questions 1 and 2 above. And we’re not even considering data protection risks or any other type of risk until question 3.

Deciding if the problem actually needs to be solved, and if the costs and risks are worth the payoff, all comes back to your overarching purpose. You only have so many resources as an organisation, so you want to ensure everything you spend precious time, energy and money on is fully aligned with your purpose.

Even getting as far as convening a project team, or writing a report on different project approaches is a waste of resources, if the project doesn’t pass the “So What?” Test. It would be like gathering a team to debate whether you should choose a Granny Smith apple or a Bramley apple, only to discover that your purpose is to make the best banana split in town!

Some examples where “So What?” helped:

Some examples of the type of projects I’ve been asked to “make data protection compliant”, which turned out to be more like apples when the client wanted a banana split:

– Using vehicle tracker data in performance management
– Refreshing customer segmentation data
– Rolling out a testing procedure
– Buying software to send text messages

The Chief Executive of the Regulator of Social Housing said recently that housing association Boards need data to be able to make decisions. And I couldn’t agree more, but be careful what data you’re picking to present to your Board; don’t offer them apples when you’re trying to make a delicious banana split.

DP Governance Health Check and New Programme

For a free Data Protection Governance health check for housing associations, fill in your details below to access the template and receive information about our new Programme which helps you align your data management with your Purpose. (You can unsubscribe at any time.)

The framework that the Programme introduces you to can be applied to all types of data, not only personal data, including asset and financial data, both vital data for housing associations.”

When EDI meets privacy

With National Inclusion Week 2022 coming to a close, what will your organisation continue to do to support inclusion in the workplace? Thoughts often turn to workshops, diversity champions, EDI statistics (Equality, Diversity & Inclusion), and so on. These require...

Social Housing Providers: Are you ready for the RSH TSM data collection?

The Regulator of Social Housing (RSH) recently published the final list of Tenant Satisfaction Measures (TSM) questions, that social housing providers have until April 2023 to get ready to start collecting data for - just over 6 months. I can imagine the stress and/or...

Why Data Purpose is Crucial – guest slot on “Get Data Done” on YouTube

Our Director & Consultant, Clare Paterson, was thrilled recently to be asked to join Phil Husbands of Truly Intelligent Business on their YouTube channel, Let's Get Data Done, to talk about why data purpose is crucial. After talking about why it's crucial for...

Customer insight in social housing: How to repurpose data safely & lawfully.

Customer insight Customer insight in the social housing sector is a key aim amongst many housing associations; we want to better understand our customers and better serve them. However, in a recent discussion about repurposing and combining data in the social housing...

Domestic CCTV and social housing tenants

There is (understandably!) a lot of confusion around the use of domestic CCTV, including the cameras fitted in 'Ring' doorbells and similar systems, especially when those cameras are used by social landlord tenants, which can be compounded when the footage is used as...

Data Quality; how to ensure your data is good quality (1 min. video)

In under 60 secs we identify the 3 pillars of good quality data, to support your decision making and help you fulfil your organisation's purpose.

How to respond to SARs (& make SARs less stressful)

If you're anything like me, when I was working in-house doing Data Protection at a large Housing Association, you let out a sigh whenever a Subject Access Request (or SAR) hits your desk. Especially if it's taken a number of days, or even weeks, to get to you, leaving...

How to identify process-based risks in your DPIA; a checklist

In the last article about Data Protection Impact Assessments (DPIAs), we explored three techniques to help identify the ways people could be impacted by your planned processing, as part of the risk assessment part of a DPIA. In this article we'll look at the...

How to identify data related risks using your imagination

In the last article about Data Protection Impact Assessments (DPIAs), we explored what a DPIA should include, based on the requirements laid down in the (UK)GDPR. Here we'll discuss how to identify data related risks using your imagination. In brief, a DPIA should...

Data Protection Day – what’s it all about?

So every 28th January is Data Protection Day...but you would be forgiven for thinking "So what?" "What is 'Data Protection Day'?" Or "What is 'Privacy Day'?" as it's sometimes known. And "why is it important?" If you don't consider yourself as being in the data...

Any questions?

If you have any questions about data protection, either about governance frameworks or anything else related to personal data, book a free call!

Image of Clare Paterson - Caucasian female with long brown hair and wearing glasses

Author: Clare Paterson, CP Data Protection director

Clare draws on over 20 years of experience in risk management and quality assurance, including ten years in data protection, to provide clear and practical advice and training.

Don’t tell everyone (shh!) but Clare’s favourite sector is social housing. She worked in a large housing association for 12 years, although she loves to support all values-led organisations.