6 Things Your New Staff Need to Know About Data Protection
21st September 2018
There’s a range of things to inform new employees about, and it can be challenging trying to remember them all.
Therefore, we’re going to break this into manageable chunks and take a look at 6 things you should inform them about regarding data protection. If staff members aren’t aware of data protection policies, procedures, and laws, then your organisation may face serious consequences, such as financial penalties and damage to your reputation.
- Your Privacy Notice
The first Data Protection principle, ‘Lawfulness, fairness and transparency’, requires organisations to confirm that their data collection techniques and practices are legal.
The privacy notice is a key document for both customers and staff, and it should make ‘clear and transparent’ what type of data you’re collecting from the data subjects and what you’re using it for. Make sure that new staff have carefully read through your privacy notice, so they can respond accurately to queries.
- What You Do with the Personal Data
There must be a specific and lawful purpose for collecting personal information, and this purpose should be clearly communicated to new starters.
For most new staff the company will have already decided the ‘lawful basis’ for processing personal information, so this will need to be explained along with the proper procedures the company should have established.
The time frame for collecting this data should only be as long as required to complete the stated purpose.
- What Personal Data You Collect
By law, organisations should not collect, store or process more personal data than needed to perform the ‘lawful purpose’ above.
This is beneficial for two reasons:
- If your organisation were to experience a data breach, attackers would be limited in the amount of personal data available to them.
- It’s easier to maintain a small amount of data, meaning it’ll be more accurate.
New staff should be trained to a level where they understand the minimum personal information required to complete the task, and how to securely dispose of or discard any additional data they collect.
- Changing and Updating Personal Data
Staff should be reminded of the need for accuracy and make sure they take care to get the correct information from your subjects, including spelling and dates. You can do this by asking the customer to repeat details when taking them down over the phone or in meetings. We also recommend that you use the phonetic alphabet – why not print one and keep it on your desk?
Occasionally, customers and other data subjects may ask for their data to be updated, as is their legal entitlement, so staff should be aware of the procedures for doing this.
- How Long Personal Data is Kept
New staff should understand the company’s retention policy and be able to discuss this with customers and other data subjects.
Most companies will have a system in place for securely deleting data at the end of the retention cycle.
- How to Keep Data Confidential
It might sound obvious, but verifying the customer or data subject before disclosing their details to them is essential.
There are many ways to do this, so new staff should be trained in how the organisation approaches this, including what to do if they suspect somebody is trying to gain unauthorised access to personal data.
There are many other ways to keep personal data safe, including management systems such as ISO 27001.