New Year, new you?
How many times have you decided that the first day of January is when you will go on a diet, start an exercise plan, give up something that you enjoy because it is ‘bad’ for you or make a big change in your life?
And more importantly, how many times have you stuck to it and achieved your goals? New year, new you! Sound familiar?
But why does 1 January have to be different from the day, month or year before? If something needs changing or improving, don’t wait for that arbitrary date in the diary: set yourself realistic and achievable goals and get started straight away!
So how do you stick to your new year’s resolution?
Here’s the secret: don’t make one in the first place!
At OASIS Group, information security and data protection are in our DNA, and the date on the calendar is irrelevant. They are embedded in our strategies, goals, plans, policies and procedures, all of which remain under constant review. We don’t need a new year’s resolution to ensure that the data in our custody is protected, secure and compliant with data protection laws and other relevant regulations.
We recognise that data protection risks and threats can never be entirely avoided, and we know that regulations, legislation, technology and client requirements are ever changing. The secret is to acknowledge this and to carry out regular risk assessments and horizon-scanning activities that help you prepare for those risks, threats and changes insofar as possible. Of course, no one has a crystal ball, and the unexpected will sometimes happen. What matters is being ready and able to adapt quickly to any change and evolve with it.
Evolutions, not resolutions.
Here are a few things you can do to start your data protection evolution:
- Know your data
• Do you have a Record of Processing Activities?
‘Well, of course I do, that is the law!’
Ok, but when was the last time you reviewed and updated it? Did you remember to include that new system you just purchased, all the personal data it is collecting and the third parties it shares that data with? Or what about that process you just changed?
• If you don’t know what data you have, where it is stored and who has access to it, how can you ensure that it is fully secure and protected? If you have a data breach, how will you know that you have fully contained it and accounted for all of the compromised data?
- Set small and achievable data protection goals with a clear purpose
• Keep the data subject and their rights and freedoms at the heart of your goals.
• Have you checked that your goals are aligned with reducing your top risks and threats to personal and confidential information?
- Ensure you have the right tools in the box
• Do you have the necessary tools and resources to manage your personal data?
• Do manual processes create duplication or introduce the risk of error?
• Here at OASIS, we have award-winning solutions to help you stay compliant with data protection laws, keep your data secure, manage retention periods and securely delete and destroy your data. Speak to one of our Account Managers or visit our website for further details.
- Data protection by design and default
• Is data protection built into any new projects, products, processes? Are all stakeholders involved?
• Are you completing data protection impact assessments (DPIAs) and considering data subject needs before you start a new project?
- Out of sight, but not out of mind
• Regularly review information security and device policies and procedures for homeworkers. Ensure they are trained in these and that all devices are receiving the latest security updates.
• Ensure that your homeworkers can securely destroy confidential waste. Here at OASIS, we can offer door-to-door confidential shredding and destruction services for paper and media.
- Be ‘incident’ ready
• Do you have written incident response and cyber response plans, and are they kept up to date?
• Do you have sufficient resources to deal with an incident? Do you have a dedicated incident response team?
• When did you last test those plans, for example with a tabletop exercise, and did you act on what the test revealed?
- Data retention
• Do you have a data retention policy which is communicated across your organisation?
• Are you checking that data is actually deleted when the retention period has been reached, including copies held in backups and by your processors?
- Training and awareness
• Do your Team Members receive regular training covering all relevant data protection and information security policies and procedures?
• Do you record this training and check their understanding?
- Covid-19 data
• Avoid collecting and recording this data
• If that is not possible, only collect and record data that is absolutely necessary and for which you have a specific, lawful purpose
• Restrict access to the data to only those who absolutely need it and ensure retention periods are closely followed
• Ensure your privacy notices are up to date and available for all data subjects to access
Although today marks Data Protection Day throughout Europe, here at OASIS it is Data Protection Day every day! For us this is not a new year’s resolution that might not last, or something we look at once a year, but an evolution: we constantly review, innovate and adapt how we operate and protect personal information so that it stays secure and compliant in an ever-changing legal, regulatory, political and technological landscape.
What are your data protection ‘evolutions’?
We would love to hear from you.
About the author
Nicola joined OASIS in 2018 through the successful acquisition of Box-it. In her role as Group Compliance and Audit Director she is responsible for ensuring compliance with regulations, including monitoring and evaluating existing and emerging legislation and regulations that may affect our clients.