The UK government has not had a fantastic start to the year. The New Year’s honours list, a list of individuals receiving awards on New Year’s Day, was mistakenly posted with personal contact details of over a thousand people. While the document was only available for around an hour, many notable—and often controversial—figures had their full addresses listed. The singer Elton John, baker Nadiya Hussain, and former director of public prosecutions Alison Saunders were all included in the breach. Starting the new decade in the Information Commissioner’s Office’s doghouse, the Government is already playing catch-up.
However, they won’t be the only ones. Without strong data protection policies and practices, breaches are inevitable. So, while diets and fitness plans may have already bitten the dust, building a strong framework for GDPR compliance should be a New Year’s resolution that lasts.
Resolution 1: Perfect your data mapping
Data mapping has been a curse for administrative staff across the EU. Yet the benefits of keeping accurate records could not be clearer. Data mapping is a requirement within the GDPR, but it also comes in handy in the event of a Subject Access Request or breach. For instance, if a fire occurred in the archive room, a record of all documents held in the archive room will help with recovery.
Knowing exactly where all your data is held can reduce the strain when a problem occurs. As a New Year’s resolution, precise data mapping is a must-have.
Resolution 2: Learn to Recognise a Breach
The breaches seen most on the news are caused by cyber-hacks or ransomware. Incidents such as the Travelex ransomware debacle often make the headlines. However, breaches caused by human error are much more likely, and are usually a lot harder to spot. Learning to recognise possible breaches quickly means you can manage and mitigate them before they cause a problem. Issues such as missing files or incorrect information are often ignored, and are often left unreported by staff due to a fear of being reprimanded. Without a positive culture around data protection, it’s likely you’ll end up dealing with more serious consequences from breaches.
When moving your organisation forward this year, encouraging an atmosphere where staff feel able to speak up should be a priority.
Resolution 3: Plan. Plan. Plan.
When an organisation discovers a breach, a ticking timer starts. If a breach is serious and needs to be reported to the Information Commissioner’s Office (ICO), it must be reported within 72 hours of discovery. This includes weekends and bank holidays. When a breach occurs, it is vital to have a tried and tested plan in place.
This year, make sure all your breaches are managed smoothly. Establish clear steps to report the breach internally, gather detailed information, and judge whether the breach is serious enough to be reported to the ICO. Ideas such as a specified email address for reporting breaches, and a designated team for managing them, can help your organisation have a stress-free 2020.
Resolution 4: Data Protection by Design
The final New Year’s resolution is about forward thinking. We must think about protecting personal data in the future, as well as right now. Advances in technology mean that organisations collect more and more personal data as we go about our days. For instance, Samsung’s Ballie Bot debuted this week: a tennis-ball-sized robot which follows its owner around. It captures ‘special moments’ via camera, and assists with personal fitness and household chores. While most organisations won’t be using miniature robots any time soon, new processes and technology can be expected over the 2020s.
As we move into a new age, we must strive to perfect our GDPR compliance in the present, and design our advances with the protection of personal data at the forefront of our minds.