GDPR - It's a team effort
Published on: 24th April 2018
By PYXI GDPR Team
One of the driving principles behind the GDPR and its adoption into future UK Data Protection legislation is to enforce and support a positive culture-shift in personal data handling and data responsibility. And we're all in it together. Large or small, UK, EU or "rest of world", the GDPR is creating the biggest deliberate change in attitudes to personal data in history.
In small businesses, whether you're a sole trader or a 250 person company, everyone you work with needs to join you on the journey to GDPR compliance.
“We’re all going to have to change how we think about data protection.”
These are the words of the UK Information Commisioner, Elizabeth Denham, who says;
“The new legislation creates an onus on companies to understand the risks that they create for others, and to mitigate those risks. It’s about moving away from seeing the law as a box ticking exercise, and instead to work on a framework that can be used to build a culture of privacy that pervades an entire organisation.”
So when we're looking into our own data systems, and driving towards GDPR compliance, we'll need to draw in everyone who accesses the data in our businesses, everyone whose data we hold in our businesses, and collaborate together to build appropriate data policies and procedures to manage our responsibility to the people whose data we process.
This will give the best possible chance of ensuring good practice around the data we hold, and reduce the potential risks to the data being processed incorrectly, or even breached. It also reduces the chance of carelessness, or ignorance leading to improper data actions and improves your chances of creating a workforce and business that really takes its duty of care seriously, and who act thoughtfully and responsibly around the data you control and process. A well-educated and trained team can also be invaluable in spotting weaknesses and risks in the business that may not be immediately obvious in your initial reviews.
Compliance is a journey, and it's going to be a real help to be able to share that with everyone you work with.
PYXI GDPR Team: 24th Apr 2018 14:00:00
Subscribe to our
Weekly GDPR Newsletter.
It's full of really useful updates
for UK small businesses.
Enforcement Notice For Not Responding To A Subject Access Request
Ainsworth Lord Estates Limited has been served an enforcement notice for not responding to a Subject Access Request. A Lancashire-based business, Ainsworth Lord Estates Limited, has been served an Enforcement Notice by the Information Commissioner... click to read more