Description
Each manager of a department, or a specific responsibility, must assess the data issues and risks as are relevant to their individual department. The manager must assess what data exists; whether it is permitted for use; filter out (including deletion of) data that is over-broad or otherwise not permitted; and ensuring procedures to identify and eliminate processes that open up the risk of future unjustified data collections. While other agents of the company or organisation will have responsibilities in relation to data protection compliance, the manager of a department must also engage in best practices that focus on the data protection obligations of the department. Data protection compliance requires not just adherence to specific data protection legal provisions, but a full understanding of what data exists in the department, company or organisation, where it is located and for what purpose. The personnel manager needs to be satisfied that all of the internal personnel records are fully data protection complaint. Just one of the dangers is that these issues are not addressed in appropriate reviews, contracts and policies. Another risk gap is that there may be policies, etc., but the manager omitted to appropriately include other non full time employees, such as those whom may be contractors, temporary staff, interns, or family members. The marketing manager needs to be satisfied that all of the current and proposed marketing activities, customer lists, and user lists are all compliant with the new data protection rules. Organisations should have undergone an A – Z review of data protection compliance in the lead up to the new EU General Data Protection Regulation (GDPR) go-live date. In many organisations there will be many activities and actions which carried over from the GDPR review. These need to continue to be actioned. In addition, there is also a new Data Protection Act 2018 to consider. Organisations should also have appointed a new Data Protection Officer (DPO) to assist in these efforts and to be the official point of contact internally and externally (for data protection supervisory authorities and for customers and users). Critically, all Managers need to be aware of data protection compliance and related issues within their own Department. The Manager has duties and responsibilities. The Manager cannot simply assume that someone else will do it, or that all data protection issues for their Department are already being dealt with by the DPO or some other Department.
