Top Data Protection Compliance Tips

What are the indicators that data protection compliance is being managed well or not? What are the most important checks to carry out? Which checks are quick and relatively easy indicators of an effective compliance framework?

Basic checks can help to identify systemic problems with the compliance framework, such as, no one is taking responsibility for data protection through lack of knowledge, time or inclination or that there is no data protection training programme in place.

Here are some suggestions for the top data protection compliance cheques that are quick and reasonably straight forward:

Ask to see the organisation’s data retention policy. Ask one or two colleagues if their department follow the retention periods in practice.

Walk around the offices, preferably just after most people have left, and form a view of the general tidiness of the office, whether paperwork has been left on desks, or whether computers screens are still switched on and whether cabinets are locked. Check printers and photocopiers for “orphan” documents and that confidential waste bins are not overflowing.

Ask to see the contracts register. Are contracts involving data processing flagged or highlighted in some way?

Ask to see the training policy and any records of employee training on data protection.

Check the organisation’s website and look for a) a cookie consent banner, b) a privacy policy comprising privacy notice and a cookie policy. (The difference between these policies and notices and their role is explained in our recent article “Top five data protection definitions” here: https://dataprotection.me.uk/top-five-data-protection-definitions/)

Routine compliance checks are at the heart of demonstrating compliance which is necessary to meet the GDPR principle of Accountability. If you do not have time or inclination to carry out these checks yourself, think about outsourcing them to professionals who can also advise on ad hoc issues and provide peace of mind that the increasingly important area of data protection compliance is not being overlooked.

Mandy P Webster, Data Protection Consultant

Data Protection Consulting – supporting clients with data protection compliance services since 1999

About the Author: mandy.webster

Since June 1999 Mandy Webster has been a freelance consultant offering audit, advice and training on privacy, information security and e-commerce issues as Data Protection Consulting Limited. The company’s mission is to help clients from a variety of sectors, and of all sizes, comply with data protection law and to that end it offers a range of solutions. Mandy, a qualified lawyer, is author of ‘Data Protection for the HR Manager’ and ‘Data Protection in the Financial Services Industry’ published by Gower and “Effective Data Protection” and ‘The ICSA Data Protection Troubleshooter’ published by ICSA Publishing Limited. Mandy is a well-known writer, commentator and speaker on data protection.

Top Data Protection Compliance Tips

Data Protection Consulting – supporting clients with data protection compliance services since 1999

HIV Charity fined for bulk email errors

Top tips for evidencing compliance

How to be a Compliance Auditor

Article 30 records and Privacy Notices

Data Processing Agreements

Top Data Protection Compliance Tips