The Connection Between Data and Protection

If you work in social housing, have you noticed how much ‘data’ is being talked about in the sector at the moment? Data transformation projects, data analysis data, digital data, big data, AI, the Social Housing White Paper requirements, and the ‘Golden Thread’ of data in the Building Safety Bill.

In theory you would assume that with data being such a hot topic, protecting that data would be too.

However, when I speak to people who work in social housing about data protection in their role, I often hear “I don’t work in the data protection team”, “we have a DPO / Head of IT / consultancy firm who does our data protection”, and so on.

And it really worries me. I know for a fact that the people I’m talking to in housing associations ARE working with data every day, and a large chunk of that data is related to people – customers, colleagues and other contacts. Even property data is linked to people. This makes it personal data, and so it’s subject to data protection legislation.

So why is there such a disconnect? Why are we losing the connection between data and protection?

Is it because data protection is misunderstood or is it because it’s (dare I say) inconvenient? Perhaps a bit of both?

I know that most people I meet who work in social housing have the best of intentions, but unfortunately it isn’t always translating into the most appropriate actions when it comes to protecting data and the people the data relates to.

What to consider when buying new CRM software

Imagine you’re buying new software to store your customer data. You know it needs to be secure, and you know your organisation should comply with the GDPR. You find a software provider who can do what you need and they tell you that not only is their security the best, but also that “we take GDPR seriously and we are fully compliant with GDPR”.

That’s bound to make you feel reassured and confident that you, as the purchaser, are doing the best thing for your organisation, and for your customers whose data you will be keeping secure.

But here’s an unpopular truth; it’s not likely to be that simple.

If the company you’re buying from is storing data in the USA or is USA-owned, for example, there’s nothing they can say or do that means you – the purchaser – will be complying with data protection laws by using their software.

I’ll say that again – the provider can’t (or shouldn’t!) make promises that imply or state that you will be complying with GDPR by using their software.

What I mean by that is, there is so much more to data protection compliance than buying software from a company that claims to take GDPR and security seriously. Using the USA as an example again, because that applies to so many of the big tech companies; in most cases, any data held in the USA or by a USA-based company could potentially be accessed by the USA Government, regardless of what the contract between yourself and the provider says. So that should be considered when purchasing software.

Your responsibility as the Data Controller and purchaser

If you’ve read any of my recent blogs, you probably won’t be surprised to hear that it’s all about Risk Assessment. The crucial point is that it’s you, as the purchaser of the software, and as the Data Controller, that is responsible for deciding if that software does indeed support your data protection compliance.

As well as considering the location of the data and the company ownership, security is of course vital. But we also need to be clear from the outset whether we can lawfully handle our customer data in the way we are planning to using this particular software.

For example, is it actually lawful to use AI or to store biometric data or to contact customers by text or to do whatever else we’re planning? It could be that the planned use of data can be done lawfully but only if certain measures are put in place first. So it needs to be thought about at the earliest stages in order to be able to build data protection into the foundations of the project, especially before large amounts of money are spent on software. It is your responsibility to make sure that the connection between data and protection exists.

Free webinar on using customer data to build trust and fulfil your purpose

If you’re interested in learning more about how to embed good data management into all your customer interactions, avoid costly mistakes, and use customer data to build relationships based on trust, please sign up to our next FREE webinar below:

Wednesday 8th September 2021 at 11am on Teams.

Leave a Reply

Your email address will not be published. Required fields are marked *