- Check how and where you process data for any unnecessary risks
- Assess what data or assets are not necessary to perform your tasks
- The less data you process, the lower the risks
As argued, the data minimization principle may be translated into the pattern ‘the less data the better’. This does not mean that processing data is bad or illegal, but it does entail certain responsibilities and risks. If data are not processed, there is no liability for them, and often this is the best solution.
But as you normally need data in your daily work, turn this approach into good use of the need to know principle. Re-examine what data you process in doing your job and what assets you use.
Do you process data only when necessary, or do you create unnecessary risks? Do you store data in one place, perhaps on backup copies, or save it in multiple places, each with a different risk? What about your permissions? Can you access personal data that is not relevant to your work? If yes, why does it happen?
The need to know principle is a standard that should be reflected in the content of your authorization to process data, as well as in the access and permissions granted to IT systems, network folders and physical areas. The employer should have properly set you up as a newcomer and should carry out an offboarding process when you leave.
The best way to stay safe is not to get involved in unlawful data processing. So always look at data processing from the perspective of what you need to perform your duties. This is a great starting point, but it does not solve everything, especially if your company needs you to process data in a doubtful way, for instance carrying out marketing or behavioral analysis without considering data protection requirements.