Log in

No account? Create an account
Gavin Greig [userpic]

Data Protection

September 3rd, 2006 (12:04 am)
Tags: ,

current location: KY16 8SX

As of the 1st of September, I'm no longer Insights' Data Protection Officer. The nominal responsibility has migrated up to a member of senior management, and day-to-day compliance will be the responsibility of team leaders.

This is a step forward for the company, and a relief for me. It's become increasingly clear as the company has increased in size that Data Protection needs to be handled at a more senior level. Although Insights started as a small family business, I think we're now officially medium-sized, and someone in the IT/software development department just isn't best positioned to know what's going on any more.

Data Protection is often seen as a technical issue, but really it's not. It's about business processes, and in recent years changes in the law mean that it has come to cover paper records as well as electronic ones, so really there shouldn't be any illusion remaining that it's best left to the techies. Naturally, the technical staff will still be best informed on some aspects of data processing (for example, which country is that server in?), but other parts of the organisation will be better informed on their particular aspects of DP.

That's why it makes sense to push day-to-day responsibility down to team leaders; when it comes down to it, it's the reponsibility of senior management to make sure that Data Protection is taken seriously and that staff are adequately trained and resourced to provide it, but it's the responsibility of every individual handling personal data to make sure that Data Protection is implemented.