If decency, respect and accountability were a required feature of all service firms, in particular those that hold personal data, GDPR may never have been necessary. While often regarded as a systems matter, GDPR is really about behaviour and practice at organisational and individual levels. While IT systems enable many of the transgressions that have led to GDPR, it is human behaviour that ultimately needs to change.
GDPR is an important reminder to all firms who share data as part of their processes, that they must behave appropriately and look after sensitive information. While this includes the security of personal data, it is around how data is used and kept accurate that will impact most people. If GDPR is about anything, it is about the culture and maturity of an organisation. It encompasses those daily processes and procedures that are in place and consistently adhered to. Good practice data control means, that the person on whom data is held, remains the exclusive owner of that data. It must only be used with their expressed permission.
Many of us who have been involved in developing GDPR policy and practice for our companies are extremely familiar with the content of GDPR and privacy policies in general. However, as with Terms of Business presented online, some people may not have had the chance to read these in full, so we are setting out here 10 commitments to our management of your data. While bound by legislation, this is simply the respectful management of your data and the minimum you should expect from all firms.
Our commitment to all stakeholders is that we will continue as HRM has always done, to practice good data management at all times. We will ensure full compliance with GDPR and be entirely accessible and transparent in all of our relationships.