Where do I start?


Data protection can seem overwhelming. For starters, there’s all the complicated legal jargon. Not to mention, a list of rather vague rules – which are often applied differently on a case-by-case basis. It might seem like there’s a lot of work involved, or it’s hard to understand what’s required. And there’s a lot of conflicting advice out there.

Even if you have a good grasp of the rules, it can be difficult to know how to put them into practice.

So, where do you start?

There are six simple steps you can take now, which will make all of this a lot easier.

The Basics

There are some basic things you need to know. Nothing else will really make sense if you don’t have a good grasp of the basics.

Things like:

  • What is personal data?
  • What are the rules?
  • What’s changed?

I recommend you have a look at The Basics post to give yourself a firm grasp on the fundamentals.

Self Assessment

You need to know where you are at the moment, so you know how far you have to go.

A self-assessment will also give you a list of tasks to complete, so you can be sure you cover every area.

Basically, it tells you what you need to do. You just need to work your way through the list on the self-assessment to achieve a level of basic compliance. Easy peasy.

Well, no, it probably isn’t. You’re likely going to have questions about how to approach each area and what it means for your particular circumstances. Don’t worry, I’ve got you covered there too.

Start by checking out the Self Assessment post. Complete your own Assessment, and then work through each area (visiting the relevant posts here when you need some guidance).

Risk Assessment

Using your completed self-assessment, you now need to decide which areas carry the highest risk. That will tell you where to focus your efforts first.

Check out the post on Risk Assessment. That will help you build your own risk assessment tool.

Strategic Plan

You need a plan, so that you can be sure you cover every area. A plan provides assurance for senior management, and, should you breach the law, gives the regulator evidence that you were at least trying to comply. It will help you organise your approach.

A strategic plan should cover every area on the self-assessment, starting with the ones which carry the highest risk.

Check out the Strategic Plan post to get started building your own.

Senior Level Buy In

The success or failure of your efforts will depend, in large part, on how much support you have from senior management. You can’t hope to persuade everyone in your organisation to get on board with all these changes, if you don’t have the support of the people at the top.

How you approach this will largely depend on the culture of the organisation you work in. You might want to check out Why Data Protection is Important, to give you some ideas about how to communicate this to your senior management team.
