Why comply with data protection?
Data protection is about ensuring people can trust you to use their data fairly and responsibly.
Data protection laws provide rules for the way in which personal information is collected, what it may be used for, when it may be shared, how securely it must be stored, what the rights are of the person whose information it is, and what organisations must do in the event of a breach.
We firmly believe that good data management is crucial, regardless of whether legislation compels organisations to take it seriously.
Does it apply to you?
If you collect information about individuals for any reason other than your own personal, family or household purposes, you need to comply. Data protection therefore applies to every organisation, because all companies collect personal information from their customers, employees, and suppliers.
What is Personal data?
Understanding whether you are processing personal data is critical to understanding whether data protection applies to your activities.
How to become compliant
Every organisation is different and there is no one-size fits-all answer. Data protection law doesn’t set many absolute rules. Instead it takes a risk-based approach, based on some key principles. This means it’s flexible and can be applied to a huge range of organisations and situations, and it doesn’t act as a barrier to doing new things in new ways.
However, this flexibility does mean that you need to think about - and take responsibility for - the specific ways you use personal data. Whether and how you comply depends on exactly why and how you use the data - and there is often more than one way to comply.