In the complex mix of information used by your organisation, there is one type of data that is highly regulated: personal data. The fact that is regulated means you have to think not only about commercial issues (the business risks and the opportunities around using personal data) but about legal compliance too.
In discussions with clients, I tend to think about managing personal data in two phases first the ‘Upstream’ phase which is all about prevention (and about maximising business opportunities) and second the ‘Downstream’ phase which is about having an effective response to any data breaches.
In both phases, there are many potential stakeholders, and clients tell me they want support covering all aspects of their business from recruitment and marketing (especially e-marketing) to supply -chain management (preparing and negotiating the right data privacy contract terms). They also want to know that in the unfortunate event of a security breach they have the right team already in place and will be able to respond quickly and effectively to the individual data subjects; the suppliers; providers; the media, other stakeholders and, importantly, the ICO. So, in short, data privacy is an enterprise-wide issue and needs managing holistically.
If you would like to join us for our Cyber Security event in March, follow this link for more information and how to register click HERE
Tim Heywood, Partner