Updated Data Protection Policies
Privacy, particularly when it comes to personal data (and even more so communications and activity online), is without question one of the themes of the age. Public outcry over one government agency or another snooping on our private lives never seems far away. Most recently in the UK, Home Secretary Theresa May prompted further concerns over the so-called “snooper’s charter”, more formally known as the Investigatory Powers Bill.
From a business perspective, the impact of this legislation is perhaps questionable, at least for those not in the business of providing internet access or similar services. There is, however, an arguable case to be made that there are some hidden advantages to such controversial measures.
At a time when public trust regarding their personal data is most certainly in a trough, if not at an all-time low, it is vitally important that those handling such personal data do so properly. Not only does this uphold the letter and spirit of the law (most importantly the Data Protection Act), but it also boosts trust and confidence. Your customers might not be able to stop government spies from reading their emails (whether they do or not, of course, is a different matter entirely), but they should be able to rely on you to handle any data you hold about them properly. By drawing your customers’ attention (as well as that of business associates and employees) to your data protection practices and boosting their confidence and trust, not only can you do your part to ensure that individuals’ privacy is maintained as fully as possible, but a trusting customer is a happy customer, and a happy customer is a more profitable one!
To this end, Simply-Docs has updated its Data Protection Policy templates. Each version has received substantial new material, much of it setting out in detail the rights of individuals (“data subjects”), the data protection principles (now set out in full rather than the summary contained in the previous versions of the templates), and – most importantly of all, the obligations imposed by the Data Protection Act on data controllers and the measures taken within the organisation to protect personal data. A significant number of new measures have been added to the templates, many of them practical and realistic for a business of any size. In addition, provisions outlining individuals’ rights to request details of data held about them (“subject access requests”) have been made clearer and more practical.
It is highly likely that your business is already complying with its obligations when it comes to data protection, but why take the chance and indeed why let it go unnoticed? Take the opportunity now to review your data protection practices, update your policies and let everyone know what a good job you’re doing to look after their data!
The contents of this Newsletter are for reference purposes only and do not constitute legal advice. Independent legal advice should be sought in relation to any specific legal matter.