Be Data Smart

Behind each bit of personal data is a person, and their integrity

When collecting personal data, always remember that the data reflects a living person. Don’t assume you can just do anything or everything you want with it but consider how you would want your own data to be treated by any organisation and apply these thoughts to your data processing activities.

Be user centric, for your sake and theirs!

It’s easy to forget that the personal data is a data subject’s own, not the organisation’s property. Whenever embarking on a project that involves personal data, design the project, interfaces and methods for the human being

With great power, comes great responsibility

The processing of personal data may unleash your organisation’s potential, but it should be considered an important asset to protect whenever it is used in your organisation. Accordingly, invest in both human and technical resources that allow you to manage these flows accordingly by training your operational teams and investing in cybersecurity.

Express yourself simply and be fully transparent

Inform the persons whose personal data is being collected and used what you plan to collect about them, the purpose for which it is being collected, with whom it is going to be shared, in what form and under which conditions. Do it in a way that anyone regardless of their age or technical competence can understand what your intentions are with the data collected. Don’t be sneaky or shifty about what you do with the data in your care.

Know your flows

As an organisation, you’re accountable for the data you are processing and using. Not knowing the source of your data or the conditions under which you are allowed to it is not an acceptable get-out-of-jail card. Accordingly, maintain a high situational awareness across all your teams about data coming in and data going out of the organisation.

Safety first!

As an organisation, accountability for the personal data you collect extends to ensuring that personal data is protected from unauthorised access or disclosure without the clear and informed permission of data subjects. Think about the impact that such unauthorised use would have on the person whose data you are processing if it were to be made public or abused by individuals with ill intentions.

Avoid data hoarding

Having an unusable data lake of outdated personal data only increases the risk of it leaking out and getting hit with fines that can bring down your organisation. Collect only the data you need and limit the collection of personal data only to those relevant for the project. (Increase your response rate by making sure that questionnaires are short and fun the fill out!)

Right tool, right place, right time

As an organisation processing personal data, curation is key and that also applies to the tools and methods used when processing the personal data. Carefully select the tools that ensure you are embedding concepts like privacy by design and by default into your processing activities. Make sure the tools themselves help you fulfil your promises to data subjects (as well as your legal obligations!).

Don’t fly blind

Invest in independent data protection and privacy expertise. Regardless whether you’re an SME or a large multinational, it’s important to make sure that the decisions you are taking about personal data are consistent with the fast-developing practice and offer an external viewpoint that isn’t driven by profit considerations.

Think about the future

Data subjects don’t like to discover a change in purpose operated without their knowledge. Think about not just about how you use personal data today but already anticipate how you intend to use personal data in the future and communicate about these possible future uses to build trust with those who entrust their data in your care.

Be Data Smart

Join us

This is an initiative of