How to avoid breaches and the serious conesquences that follow

Following on from the Privacy webinar with Louisa Gommans from Rainey Collins on 1 April 2021, Louisa has put together some key considerations for businesses and organisations to bear in mind when implementing robust privacy practices.

1 Collection

  • What personal information is collected?
  • Why it is collected (is it necessary)?
  • How is the purpose of collection communicated to the owner/s of the personal information?

2 Use & Dislosure

  • Make sure you are only using personal information for the purposes for which it was collected.
  • If it is used for any other purposes, has that been communicated to the owner/s of the personal information?
  • Is personal information being disclosed outside of the business or organisation?  If so, where does it go and is that disclosure lawful?

3 Storage and Security

Now is the time to review your systems for storing personal information safely and securely.  This should include considering any third party/cloud storage of data.  Also think about how personal information is safely deleted/destroyed when it is no longer required.

4 Policies and Processes

Do you have robust privacy policies and processes in place?  In particular, think about:

  • Internal policies for collecting, using, storing, reviewing the accuracy of, and deleting personal information;
  • Dealing with “access” and “correction” requests;
  • What happens in the event of a privacy breach; and
  • A customer/client facing privacy policy (eg on your website).

5 Privacy Officer

Appoint a privacy officer, and make sure they are well trained and supported to carry out their role.

The above is by no means an exhaustive list, but is a good starting point when thinking about how your business or organisation manages its privacy and data security obligations.  Being well prepared will help you to avoid potentially costly – and publicised – privacy breaches. Reputational cost from publication can be even more damaging than fines.  Rainey Collins can offer an initial fixed price consultation to discuss your privacy needs, in order to tailor advice for your business or organisation. 

Kind regards,