Data protection can seem overwhelming. For starters, there’s all the complicated legal jargon. Not to mention, a list of rather vague rules – which are often applied differently on a case-by-case basis. It might seem like there’s a lot of work involved, or it’s hard to understand what’s required. And there’s a lot of conflicting advice out there.
Even if you have a good grasp of the rules, it can be difficult to know how to put them into practice.
So, where do you start?
There are six simple steps you can take now, which will make all of this a lot easier.
There are some basic things you need to know. Nothing else will really make sense if you don’t have a good grasp of the basics.
- What is personal data?
- What are the rules?
- What’s changed?
I recommend you have a look at The Basics post to give yourself a firm grasp on the fundamentals.
You need to know where you are at the moment, so you know how far you have to go.
A self-assessment will also give you a list of tasks to complete, so you can be sure you cover every area.
Basically, it tells you what you need to do. You just need to work your way through the list on the self-assessment to achieve a level of basic compliance. Easy peasy.
Well, no, it probably isn’t. You’re likely going to have questions about how to approach each area and what it means for your particular circumstances. Don’t worry, I’ve got you covered there too.
Start by checking out the Self Assessment post. Complete your own Assessment, and then work through each area (visiting the relevant posts here when you need some guidance).
Using your completed self-assessment, you now need to decide which areas carry the highest risk. That will tell you where to focus your efforts first.
Check out the post on Risk Assessment. That will help you build your own risk assessment tool.
You need a plan, so that you can be sure you cover every area. A plan provides assurance for senior management, and, should you breach the law, gives the regulator evidence that you were at least trying to comply. It will help you organise your approach.
A strategic plan should cover every area on the self-assessment, starting with the ones which carry the highest risk.
Check out the Strategic Plan post to get started building your own.
Senior Level Buy In
The success or failure of your efforts will depend, in large part, on how much support you have from senior management. You can’t hope to persuade everyone in your organisation to get on board with all these changes, if you don’t have the support of the people at the top.
How you approach this will largely depend on the culture of the organisation you work in. You might want to check out Why Data Protection is Important, to give you some ideas about how to communicate this to your senior management team.