Business leaders often tell us they don’t know where to start when it comes to privacy. We advise that after building awareness, an organisation needs an inventory of the personal information it holds.
Some questions to ask: as a business, what data are you collecting? What do you do with it? Where do you keep it? Who do you share it with? How long do you keep it and what do you do with it when you no longer need it?
In the second of our short training videos, the Privacy Guy explores a scenario where a doctor is trialling new software that sends messages to remind patients of their appointments. Perhaps someone thinks that’s a great idea and hands over their number. Then they start getting unrelated text messages late at night, making references to their medical history.
And what if a company decides to trial some calendar software to help with diary management, particularly for salespeople looking to schedule demonstration meetings? Do you foresee any potential concerns there?
A successful organisation builds and maintains the trust of its customers by protecting their information. Under the GDPR, businesses can’t just process or hold personal information because they want to or think it might come in handy. You can’t collect information for one purpose and use it for another. It’s a good idea to instil a policy of data minimisation – keeping the amount of personal information you process to a minimum – which reduces your risk of a data breach.
Find out more next time in our third privacy promise – Transparency.
Build a culture of continuous privacy compliance
At the Privacy Compliance Hub, we make compliance easy for everyone to understand, care about and commit to. We call it a culture of continuous privacy compliance. Our platform, created by two ex-Google lawyers, provides a structured programme to follow, giving you confidence you’re keeping your customers, investors and the regulators happy.