One of the seven data processing principles of the UK GDPR is ‘accountability’.
You must be able to demonstrate, to both internal and external stakeholders, your compliance with UK data protection legislation. The UK GDPR states that: ‘You need to put in place appropriate technical and organisational measures to meet the requirements of accountability.’
In our earlier blog ‘The value of the Data Protection Officer (DPO)’ we looked at the responsibilities of the DPO and concluded that ‘supporting staff and management in understanding what data protection is and entails is an important function of the DPO.’
It could be tempting to think that appointing an internal or external Data Protection Officer (DPO) removes the need for colleagues to have a thorough understanding of UK data protection legislation and their own responsibilities. It does not: the DPO supports that understanding but cannot replace it.
A key area of accountability, then, is communicating to stakeholders across your business the need to build and design an effective information governance framework and to put it into practice every day.
To achieve the level of accountability demanded by UK GDPR, a structured training plan focusing on the key areas of personal data protection is essential to communicating the different aspects of information governance to your team.
For example, if all employees understand how to respond to a personal data breach or a subject access request, they are empowered to use the framework actively and deliver compliance through best practice, while demonstrating accountability to internal and external stakeholders alike. Do you know your responsibilities with regard to personal data breaches?
Building personal data protection training into staff inductions, and providing regular annual refresher training for existing teams, ensures that those responsible for controlling and processing personal data are able to work within the seven data processing principles which underpin UK GDPR.
Knowing what actions they can take to safeguard client personal data, good password practice (the NCSC advises strong, unique passwords rather than forced regular changes), document management and destruction routines, and a general understanding of the organisation’s security policy are all critical to making sure that personal data entrusted to the business is processed, stored, and ultimately discarded in a safe and compliant manner.
Designing and implementing the right personal data protection training plan to support the organisation’s requirements, while keeping it aligned to the organisation’s goals, is a journey, not a destination.
CSRB will support you in creating a data protection culture within your organisation. UK GDPR talks about taking a ‘data protection by design and default’ approach, and CSRB works in line with that ethos.
We will help you manage and protect that data responsibly in a refreshingly jargon-free way. Taking the subject out of the dusty corner in which it can often reside, and helping you communicate to your team the importance of safeguarding the personal data that you control and process, is where our expertise lies. Please get in touch with us here or call 0117 325 0830 to learn more about how we can bring clarity to your information governance framework and to your accountability under UK GDPR.