Managing Personal Data in your Organization

  Feb 14 2018


There’s a lot of noise about privacy and how you need to take care of personal information, but are you listening? You most probably think it doesn’t affect you. You’re not a large organisation, you’re not global and if you are, your office is not in Europe, so no worries there then. But wait, supposing you need to share the personal information you hold with someone in Europe, does the European Union’s General Data Protection Regulation that comes into force in May 2018 affect you? And what about a data breach – supposing you “get hacked” and all the personal data that you hold is exposed across the world, will that affect your business?

The following five points reflect on what you need to do now to manage personal information in a secure and efficient manner. Every organisation needs to know this.

1. Information in your care

It is good business practice to document the personal data that you hold, where it came from, and who you share it with. To discover what you hold you may need to undertake an information audit and develop a data map.

2. International

Does your organisation process personal data and operate in the European Union (EU)? If so, then you will most likely have to comply with the new General Data Protection Regulation and appoint a data controller, draft a privacy policy, and develop a process to manage personal information. Even if you don’t work in the EU, it is good business practice to manage personal data in your care through a secure and ethical process.

3. Awareness

The people in your business, decision makers and those with accountability for processes and output, as well as those that handle personal information on an occasional basis, should be made aware of the need to manage personal information in accordance with the European General Data Protection Regulation, if applicable, and/or your policy on privacy.

4. Rights of the individual

You need to understand the rights that individuals in the EU have when it comes to requesting and deleting their personal information. How are you going to undertake the delivery of their personal information in a common format, or undertake deletion if you receive a request from someone to do this?

5. Data breaches

You must have the right procedures in place to detect and report a personal data breach. How are you going to manage this and undertake an investigation into what happened? How are you going to explain this to the individual and to the public? Loss of data has a huge negative impact on the reputation of an organisation.

These five points are the tip of an iceberg, but they are a good start when it comes to managing personal data. Not only that, developing a privacy policy and a process to handle personal information may also uncover areas within your information management processes that need improvement, such as a higher level of security or a deletion exercise to remove unnecessary data. Whether you work outside of Europe or not, the management of an individual’s data will become a regulated issue tomorrow or the next day, and if you work in the EU, you must act now.

About the Author

Alison North

Alison North facilitates PLUS Specialty Training’s Document Control and Records Management course.

Alison is an international document and record management consultant with over 40 years of experience in the information management world. She has designed and implemented numerous document control and records management systems for clients, both private and public sector, in many countries including throughout the GCC.

Alison’s training and mentoring programs cover all aspects of managing information and she has trained hundreds of people. Alison is a frequent keynote speaker at international conferences and has recently been asked to deliver a TED talk on managing information.