‘Data Privacy’. The simplest way to think about it is that people (customers, employees,
or anyone else whose data is held) need to know what personal data organisations are collecting about them
and how they are using it.
Why is data privacy important?
Companies that fail to protect personal data and comply with data privacy regulations are not just risking financial penalties. They also risk operational inefficiencies, regulatory action and, most importantly, permanent loss of consumer trust.
Data protection regulators may enforce mandatory audits, request access to documentation and evidence or even mandate that an organisation stops processing personal data.
Non-compliance with the law could result in brand damage, loss of consumer trust, loss of employee trust and customer attrition.
Most data privacy laws give people more rights over their data, such as the right to access their data or the right for it to be deleted. This can be a significant operational burden if it is not implemented effectively.
Key Principles of Data Privacy:
1. Lawfulness, fairness, and transparency:
You should always process personal data in a fair, lawful and transparent manner.
2. Purpose limitation:
You should only process personal data for a specified and lawful purpose.
3. Data minimisation:
You must ensure you are only processing the personal data that you truly need and nothing more.
4. Accuracy:
You should ensure personal data is kept up to date, and that necessary measures are in place for correcting and updating
5. Storage limitation:
You must not keep personal data for longer than you need it.
6. Integrity and confidentiality:
You must implement adequate security controls to ensure that personal data is protected against loss, destruction or damage.
7. Accountability:
You must have appropriate measures and records in place to be able to demonstrate your compliance.
What is personal data?
Personal data is any information that can identify a person. This could be a name or account number, or a digital identifier such as an IP address, username or location data.
When can personal data be processed?
1. Consent: of the individual to the processing of their personal data.
2. Legitimate interest: of the organisation or the third parties engaged.
3. Contractual necessity: processing is needed in order to enter into or perform a contract.
4. Legal obligation: for which the organisation is obliged to process personal data.
5. Vital interest: of individuals, where processing is necessary to protect their lives.