Having come from a banking background, something as simple as a ‘clear desk policy’ is in my professional DNA: I naturally get up and lock my screen and make sure no paperwork is left on my desk before I go home. Many years of in-house training have ensured that this is the case. However, I find myself wondering at the moment about the simple and practical sides of data protection, such as:

· When we work from home, do we diligently ensure that all of the data we have around us is protected? Do we not work from the kitchen counter, where the childminder and the cleaner may also be walking past and have full access to the laptop and the paperwork around us? Do we ensure we shred all the relevant paperwork at our home office? When in transit, do we genuinely keep all relevant data and paperwork close to ourselves and safe?

· Do businesses know who their CCTV operator is and how those images are being stored? I have grown to understand that leased offices come with a CCTV operator as part of the lease, and the business owners tend not to know anything about the operator or their data storage arrangements whatsoever.

These are just some points that one would name as ‘common sense’, but are we all perhaps a bit overwhelmed by the new consumer rights such as the ‘right to be forgotten’, and do we overlook the simple but extremely important points that fall into the same legislation? I would personally think that a business would be more in danger of data loss whilst an employee works from home than of getting in trouble if a consumer requests that their data be erased post-termination of the relationship.

As per the many social media campaigns I have recently done, I am currently working with a handful of charities on a voluntary basis to assist them to become GDPR compliant, and the more I talk to this sector the more I understand the challenge that not-for-profit organisations are facing to become compliant. It is not that they do not wish to, but that the task itself is enormous and requires professional expertise that usually comes with a large bill. If any of my compliance peers are also happy to volunteer for such work to share their GDPR expertise with small charities, please let me know so I can coordinate the work. Any help is hugely welcomed by the charities.
