How well is Data Protection integrated into your business? Is it a separate entity, or is it central to everything you do?
The business web
Business is like a spider’s web. From networking meetings and platforms like LinkedIn to data flows and overlaps between departments, everything is interconnected. And, just like the butterfly effect, one minor incident can have implications elsewhere in the business, be they positive or negative.
The same is true of Data Protection. Information security is an integral ingredient to your business that forms part of the web, not an isolated entity. Indeed, some businesses may even consider data protection to be the web itself on which everything else in the company hangs.
The butterfly effect
We can all see the extent of this interconnectedness when things go wrong. If a company stops trading, staff are made redundant, creditors don’t get paid, and clients have to find alternative suppliers. If the design department misses a deadline, this has implications for sales and the fabrication process, not to mention the delay in getting the product to market.
For data protection, the circumstances are the same. A data breach not only affects a company’s reputation but also the lives of the staff and clients whose data was unintentionally lost or released.
A subject access request
It isn’t just breaches that can cost a company money, time or reputation. A recent subject access request (SAR) cost one social care organisation 50 hours of work plus consultancy fees. That’s not to mention the additional stress caused by the increased workload for the staff members involved.
In this particular case, a disgruntled staff member made the SAR after a disagreement with management. Unfortunately, the original incident wasn’t well managed, and the SAR was the direct result. If the manager had handled the original dispute more effectively, the time and money the organisation spent on addressing the SAR could have been spent elsewhere. This case study demonstrates how data protection is intrinsically linked to every aspect of a business. In the case of this small business, the impact was huge.
A company ethos
Treating data security as integral to your business is an ethos, a company-wide approach that is proactive and joined-up. It is held not only in attitudes towards information but towards people too. Unfortunately, a passive attitude that regards it as an add-on could easily result in negative consequences if something goes wrong.
From SARs and breaches to poor training or lack of accountability, the implications are far-reaching. Incidents cost time, money and reputation; they affect an individual’s data and cause unnecessary stress.
Instead of being the scary spider, data protection should be a fundamental component to your company’s complex web that helps it function safely and remain trustworthy.
See our self-assessment questionnaire for your own data protection health check or request a free virtual meeting with a data protection professional. We provide Savvy Data solutions too! Available as pre-paid credits or all-inclusive packages, you’ll get additional data protection support whenever you need it.