Hold on – those aren’t the words, are they?
While I am no Grinch and do not wish to spoil the time of year we all look forward to the most, the festive period is typically when data protection, like most things, takes a backseat and our minds are on presents, food and what to watch on TV.
But you ignore data protection at your peril. Make sure that it is Santa Claus – and not the Information Commissioner – who comes to town, by taking these steps:
in the spirit of goodwill, some choose to give something back by volunteering. Depending on what volunteers do, they may have access to personal data held by your organisation. Even if they are only with you for a few days or weeks, volunteers should be data protection trained to reduce the likelihood of data security breach incidents, such as loss or unauthorised use of personal data. If volunteers are children, ensure that you have parental consent to using their personal data for volunteering purposes;
organisations increasingly allow flexible working, whereby employees can work remotely from home during school holidays. This is not without its risks and entrusts your organisation’s data security to the measures, if any, that employees have in place on their home network and personal devices. Implement a remote working policy, only permit data transportation via encrypted memory sticks and ensure that employee devices can be “remote wiped” if compromised;
your organisation may decide to upload photographs captured during the Christmas party to its publicly accessible social media accounts. If so, obtain the consent of those whose photographs have been uploaded. Consent need not be written but at least record the fact of consent by way of audit trail;
if you receive a subject access request before you close, you must respond within forty calendar days. Once your organisation re-opens in January, beware that you may already have lost up to sixteen days; and
Take these steps today and have a peaceful and data protected Christmas!
Contact us if your organisation would like to discuss our Data Protection advisory, audit or training services.