Is data protection being taken seriously in your business?


Leading online workplace training provider, iHASCO, conducted an expert Q&A with Mathew Parry - Data Protection Officer for the Quality Division at The Citation Group. Mathew’s background in Data Protection and IT Risk Management gives him some of the best expertise available to offer useful insights to any business wanting a better understanding of how keeping data safe is not only vital but also a company-wide responsibility.

How did you get into this area of expertise?

The General Data Protection Regulation was on its way and in my role at a public authority, I had the unenviable task of implementing the GDPR. Luckily for me, this regulation brought rise to a new breed of data protection experts, and is a topic I have developed a passion for and read about extensively. Data protection is relevant to every single one of us, even more so in an increasingly digital world.

Many businesses are intimidated by data protection. Is it as complicated as it seems?

Data protection is not as complex as it appears. The best way to view it is from a practical perspective. Breaking it down by each specific GDPR clause will help a business understand why and how they should comply. The GDPR is generic as it has to cater for every industry in Europe. Therefore, taking this practical approach helps bring the GDPR to life for your organisation. Another common struggle is thinking that data protection is black and white. It is not, but as soon as you get into the granularity of it, it will start to make sense and you will begin to understand what steps need to be taken to comply and function as a business.

Why is data protection so important?

You can find data everywhere. If there wasn’t any regulation in place, improper use would be a huge issue and the world would be a much darker place. Pre-GDPR, companies could pretty much do what they wanted with data, whether that was harvesting it or selling it, despite fines of up to £500,000, which were meaningless to larger companies. The GDPR became a tool to hold companies accountable for handling our data and to prevent misuse, which can lead to identity fraud, spam, illegal sharing of data and scams. It gave individuals more rights to access and amend data held about them, including the right to erasure. From an organisation’s perspective, good data protection is not only lawful but in an increasingly competitive market can help you stand out from the crowd and gain you a good reputation, as well as more business.

What is your best advice for small businesses when it comes to data protection?

If a business doesn’t have the resources for a specialist in-house expert or a DPO, the ICO has good guidance and free resources. The ICO’s accountability trackers help break down business responsibilities to work towards compliance, which is a great tool to review where you are at and what needs to be done. It’s also useful to understand what data you hold, why you hold it and where it goes (whether it’s available internally or externally). By building a data map you will get a better understanding of data protection for your business.

How do you ensure data protection is company-wide, and all employees understand its importance?

It’s vital you educate all your employees about the importance of data protection so they understand their role in keeping data safe to prevent costly fines and security breaches. Every single employee is responsible for ensuring they adhere to your data protection policy, but just because they read your policy, it does not mean they understand it. Through providing awareness training, employees can appreciate the importance of GDPR and Cyber Security in the workplace. Online training can be the easiest and most cost-effective way to do this, particularly where flexible working has made it more difficult to bring teams together in a central place. It shouldn’t just be part of an induction but regularly refreshed so data protection is always on the forefront of everyone's minds and becomes part of the whole company culture. Your employees working closely with customers and suppliers are often the first to become aware of a potential breach and can raise the alarm. However, it is important to assure them that anyone coming forward with any data concerns should not be scared, but is playing their part in ensuring all potential breaches are investigated, contained and learnt from.

If you need further support when it comes to GDPR & Cyber Security, take a look at iHASCO’s range of GDPR & Cyber Security Awareness courses here.