Back to basics: Why assigning responsibility in relation to data protection is so important
Why do I need to know who is responsible for GDPR within my business?
As a collector and/or processor of data, your organisation has an important responsibility: you must keep that data safe. Assigning responsibility in relation to data means your organisation is not only accountable, but is also putting checks and balances in place to ensure your obligations in relation to the GDPR are met.
Understanding the data you hold
Before you can ascertain who is responsible for data within your business, it is important to understand what data you collect and process, where it is stored, who has access to this data, and how it moves through your business.
To do this it is helpful to map your data. This allows you to visualise all data within your business, and how it moves through your business. You can find out more about data flow mapping here.
So who is responsible for making sure my business is compliant?
In short, everyone within your business is responsible for implementing GDPR.
Each role within a business requires differing levels of access to different types of data.
For example, the front desk receptionist will not need access to the main customer databases, the finance team will not need access to the visitor diary, the marketing team will not need access to the customer orders and so on.
It is important that each individual within a business knows what data they have access to, where it is stored, and their unique responsibilities in accessing and using that data within the business.
Again, data mapping will allow you to better understand who has access to what data, and why they need access to it.
Training your staff
Once you have an understanding of who needs access to what data and why, you will then need to train your staff in their responsibilities towards data.
This training must be recorded and signed for to show understanding. It is also important that this training is relevant to the specific role in question, and that it is kept up to date.
Protecting your business
Although it may seem like a laborious process, it is important that you assign responsibility in relation to the data you collect and process within your business.
Failure to assign responsibility in relation to data handling leaves it to chance whether or not your obligations as a collector or processor are met. This leaves your company vulnerable, and at risk of being fined or sued.