Feb 14 2018
Administration and Secretarial
There’s a lot of noise about privacy and how you need to take care of personal information but are you listening? You most probably think it doesn’t affect you. You’re not a large organisation, you’re not global and if you are, your office is not Europe, so no worries there then. But wait, supposing you need to share the personal information you hold with someone in Europe, does the European Union’s General Data Protection Regulation that comes into force in May 2018 affect you? And what about a data breach – supposing you “get hacked” and all the personal data that you hold is exposed across the world, will that affect your business?
The following five points reflect on what you need to do now to manage personal information in a secure and efficient manner. Every organisation needs to know this.
1. Information in your care
It is good business practice to document the personal data that you hold, where it came from, and who you share it with. To discover what you hold you may need to undertake an information audit and develop a data map.
The people in your business, decision makers and those with accountability for processes and output, as well as those that handle personal information on an occasional basis should be made aware of the need to manage personal information in accordance with the European General Data Protection Regulation if applicable and / or your policy on privacy.
4. Rights of the individual
You need to understand the rights that individuals in EU have when it comes to requesting and deleting their personal information. How are you going to undertake the delivery of their personal information in a common format, or undertake deletion if you receive a request from someone to do this?
5. Data breaches
You must have the right procedures in place to detect and report a personal data breach. How are you going to manage this and undertake an investigation into what happened? How are you going to explain this to the individual and to the public? Loss of data has a huge negative impact on the reputation of an organisation.
About the Author
Alison North facilitates PLUS Specialty Training’s Document Control and Records Management course.
Alison is an international document and record management consultant with over 40 years of experience in the information management world. She has designed and implemented numerous document control and records management systems for clients, both private and public sector, in many countries including throughout the GCC.
Alison’s training and mentoring programs cover all aspects of managing information and she has trained hundreds of people. Alison is a frequent keynote speaker at international conferences and has recently been asked to deliver a TED talk on managing information.Blogs