Hi there and welcome to Data Privacy Simplified 101!
This will be the first of many instalments in our blog post series where we will cover complex areas of Data Protection, Data Privacy and everything in between. My goal is to hopefully turn this horribly complex mumbo jumbo of acronyms and polices into something a bit more simple and normal, for people who have more important core activities to tend to.
This means if you are in Information Governance you can go ahead and skip this one but perhaps also share the post to make sure it reaches the right people, *cough* cough* we are looking at you, Information asset owners.... but all jokes aside, I hope whoever reads this finds it somewhat useful and brings you at least a fraction of reassurance as we head into this crazy world of Data Privacy.
Data protection basically is about making sure that people's information is being used properly and also being kept safe. Data protection is about being able to build trust with the public and also creating engagement with and support innovative uses of data within public and private sectors. You might be asking yourself “Does any of this have anything to do with me” well… chances are if you are reading this more likely than not the answer is yes. However more specifically if you collect information about people for any business, or other non-household purposes then buckle in because we are going for a ride.
*Disclaimer* Personal data used for your own personal or household purposes like a social media activity and private letters or emails is fine and does not apply to today’s lesson.
“Okay so it applies to me, what now?” Great question, the answer is actually not as restricting as you might think. Look, every business and organization operates differently so to put a one stop shop answer for everything would be ludicrous. Data protection Law does not have absolute set in stone rules, but more so guidelines based on key principles. This means that you have flexibility to do things your way based on the type of organization and situation. However, with great power comes great responsibility (cliché, but also very true). So it really comes down to how and why you process personal data.
Personal Data is?
Personal data is pretty much exactly what it says on the tin, it's any information about a person. Whether it’s a customer, employee, member of the public or even government official. The information doesn’t need to be private information personal data also covers any information that is in the public domain. If the information about someone is truly anonymous then it doesn’t classify as personal data. However, you need to make sure that you could not identify someone from the information or that it can't be pieced together with other details as it then is classed as personal data.
Let's go over some quick key words which you might need to know -
Processing – This is pretty much anything that you have done or will do with the data such as, collecting, storing, deleting, analysing, recording it … you get the point.
Data Controller - The person or organization that decides how and why the data is collected. Now it's important to remember even if you are an employee acting on behalf of your employer that doesn’t make you the DC (here we go with the acronyms). Because you are only acting on behalf of your employer the responsibility still falls upon them to make sure that they are following data protection law.
Processor – A processor is a completely someone working for a different organization who processes data on behalf of the controller. This person is not an employee but rather a third party who handles that information. An example would be for an example for new business owners might be their accountant who handles specific data on behalf of the Employer but doesn’t work directly for them as an employee.
Data Subject - This is quite literally the person who the data is about.
Well, you’ve made it. Congratulations! Your very first lesson in Data protection, hope I didn’t bore you on the way. Stay tuned in the coming weeks as I plan to keep posting new lessons on important topic and questions. My aim is to be as engaging as possible to help people get a better understanding of this crazy data filled world, and maybe make it a little fun along the way.
That's all for today.