Data Protection FAQs

What are the benefits of getting data protection right?

There are huge benefits to ensuring your data protection is done right. Data protection is important because it:

  • helps reduce the number of data breaches
  • helps prevent loss of trust and reputation
  • helps protect your customers’ privacy
  • builds customer loyalty
  • improves your brand’s value
  • gives you a competitive advantage over companies who don’t value data protection
  • allows you to comply with contractual requirements
  • is a legal requirement

Get in touch with Kristy for more information.

How do I know what data protection processes I need to put in place?

Data protection may seem complex at first, but it doesn’t have to be daunting. In order to know what policies and processes are required, you first need to understand what data you have, why you have it, who you share it with and how long you keep it.

An audit will highlight the key ways in which you can improve your data process and add value to your organisation. I have a variety of audit and review packages so that you can choose the right one for your business.

What is a data breach?

A data breach is a breach of security which leads to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure or unauthorised access of personal data. 

Having a data breach can be a stressful, heart-dropping, ‘the world is ending’ type incident. I understand how it feels… and I can help. 

I can tell you if you need to report the breach to the ICO or tell the data subjects. If the breach is reportable, I’ll do this for you and act on your behalf with the ICO. I’ve dealt with many, many data breaches and been in contact with the ICO on numerous occasions. While having a data breach may seem like the end of the world, it likely isn’t and I can help you manage the situation.

My Data Protection Officer (DPO) service offers 24/7 support to assist you in minimising the impact of a data breach. Book your free consultation today for additional advice and information.

What are the benefits of outsourcing a Data Protection Officer?

There are a range of benefits to bringing in an experienced DPO, from time efficiency to gaining access to expert advice. My 24/7 service means that I’m available when you need me. 

Additionally, I can provide expert advice so that you won’t have to spend time and money researching and reading through legislation.

Having an outsourced DPO gives you confidence and peace of mind in your data protection without the costs of employing a DPO full-time. You can rest assured that your data is safe, you’ll understand what you should and shouldn’t do with your data and you’ll know your organisation is compliant with data protection legislation.

Does the GDPR apply to me?

The UK GDPR applies to all organisations that handle personal data. This includes businesses, charities, schools, community groups and public bodies. All organisations are required to register with the Information Commissioner’s Office (ICO) unless they are exempt.

What are our responsibilities as a business?

Businesses collect and use a wide variety of personal data, such as employee records and customer information. It’s essential that all of this personal data is properly protected and used in accordance with the principles of data protection law. Staff need to be trained on what they can and cannot do with data.

As part of my support services, I offer training (onsite and remote) for teams to equip them with the knowledge they need to properly oversee the use of personal data.

When is it compulsory to appoint a Data Protection Officer?

Under the UK GDPR, you must appoint a DPO if:

  • you are a public authority or body (except for courts); or
  • your core services require large-scale, regular and specific monitoring of individuals (such as online tracking); or
  • your core business activities consist of large-scale processing of special categories of data and/or data relating to criminal offences.

If your business falls under any of these categories, appointing a DPO can, among other things, show your customers and your staff that you have a responsible approach to data compliance.

How do I know what data protection processes I need in place to be GDPR compliant?

Data protection law may seem vast and daunting and many organisations don’t know where to start. 

That’s where I can help — each organisation is different and I can provide a personalised approach to help you with your GDPR compliance. It’s not a good idea to use policies that you found on the internet or pinch them from another organisation — these policies are specific to their organisation and not yours. You are also likely to be breaching copyright laws if you take this approach.

Having an audit is the best way to become compliant. At the end of the audit process, you will have a report with recommendations and, depending on the package, a record of all personal data processing in your organisation, new policies and appropriately-trained staff. I’ll work with you to implement my recommendations. If you need help but can’t do a full audit right now, my support service offers a pay-by-the-hour service.

How do I identify issues in our data storing process?

The storage and retention of data is an issue for every organisation. Most are holding data that they should no longer have and don’t have a retention policy. 

Basically, you can’t keep data ‘just in case you might need it later’, and emails are not a filing system. The only way to ensure that your data is secure and that you are compliant with the law is to have a full data protection audit. This may seem like a daunting and onerous task – but with me, it isn’t. I can take this worry away from you with my auditing service.

Get in touch – I can help.

What is a Subject Access Request (SAR)?

The UK GDPR gave additional rights to individuals and changed some of the existing rights. Subject access requests are now free and have to be responded to within one month (three months if it’s a complex or large request). SARs give the data subject the right to obtain a copy of their personal data from you, as well as other supplementary information.

Personal data can include emails, documents, meeting minutes, CCTV footage and recordings of telephone conversations. It is basically anything which shows or mentions the individual. If the data in the SAR includes the data of other people, there are exemptions which mean you don’t always have to disclose it and some of it can be redacted (removed).

I deal with Subject Access Requests every day and I can take the burden of dealing with a SAR away from you. My pay-as-you-go support service is ideal in times like this.