• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
Housing Technology logo

Housing Technology

Housing | IT | Telecoms | Business | Ecology

  • Free Subscription
  • Search Archive
  • Home
  • Research
  • Magazine
  • Events
  • Recruitment
  • Blog
  • On Demand
  • Contact
Home / Magazine Articles / GDPR is not just about data… It’s about people and reputation

GDPR is not just about data… It’s about people and reputation

If you are tired of reading articles about GDPR as the new onerous regulation or burden that’s going to be the downfall of your organisation if you don’t comply because you will suffer huge fines, then this is the one for you.

GDPR is about people; your tenants, suppliers and employees. It’s about data; your data, my data and their data. And it’s about how you communicate your privacy practices – it’s this that helps to build the reputation of your brand and your organisation.

GDPR is the biggest shake-up to data protection in over 20 years and, in my opinion, it’s well overdue. We now live in an age where we are all happy to give out our personal data when asked without question. GPDR will cover both the private and public sector; it is helping us safeguard data in the digital age.

GDPR is an opportunity

Yes, really it is – it’s an opportunity to build and strengthen trust between you and your tenants, employees and suppliers. GDPR brings in accountability and transparency, and it’s about being honest about why and how you process data. It is putting privacy at the top of the agenda, and treating the data of others in the same way you would want your own data to be treated.

GDPR is about embedding a privacy culture within your organisation, training your team, building a privacy culture, but how do you do this?

The first step to compliance is to carry out a GAP analysis; this will give you an overview of where you are now, an assessment of your organisation’s current level of compliance with GDPR. It will highlight the gaps, and help you identify and prioritise the key areas that you must address prior to May 2018, thus using your resources in the best possible way.

Conduct a data audit – know the data that you have, how did you obtain it, what do you use it for, what are the retention periods, is your data fully consented, can you really say that everyone in your database said ‘yes’, and how are you obtaining consent?

Let’s think about your legal basis for processing. Are you using ‘consent’? If so, you need to be able to show how that consent was obtained. Was it clear and unambiguous? Do you process ‘sensitive data’? Then this consent must be explicit.

Did you know that as the data controller, you have new responsibilities under GDPR. The burden of proof is now on the controller to show why the data is being processed. And of course, there is the data processor – as the data controller, you must ensure that the processor you use is compliant with GDPR.

Do you work with third-party organisations? This could be a marketing agency, a call centre or a data-cleansing agency. As the data controller, you need to check those contracts and you need to carry out due diligence on your third-party contractors. Remember – it’s your data and therefore your responsibility.

If you don’t already know them, take time to get to know the seven data-protection principles of GDPR.

GDPR states that all of your policies and procedures must be written using clear and easy to understand language – i.e. you shouldn’t need a dictionary for obscure language or a degree in law to understand your rights! With this in mind, do you need to rewrite your policies and notices?

Data breach… okay, so the worst has happened and your entire database has been hacked. If you know your data, you will know instantly how serious this is. Ensure you have a clear procedure to deal with it, a procedure that everyone knows about and is clear and knowledgeable about what they have to do. You already have fire drills, so have a data breach drill. Know what to do – after all, you only have 72 hours from the breach being found to notify the regulator and, if needs be, the individuals whose data is involved.

Where is all this leading to? Well, it leads straight to your reputation. No matter how large or small an organisation you are, you can rise or fall on your reputation, and GDPR encourages you to be open and honest.

GDPR can build brand value

An organisation that can define the customer experience and find engaging ways to talk to customers about their data will build trust in their brand. Trust can equal increased rates of customer retention and acquisition which results in increased revenue and growth. A company that is uncaring about their customers’ data will be seen as untrustworthy by today’s savvy consumers; this could cause catastrophic damage to their reputation.

GDPR can add business value

Use GDPR as an opportunity to spring clean your data management systems and processes. GDPR requires a review of your end-to-end data processing, giving the business the opportunity to ensure that all processes are aligned with GDPR, it enables you as a business to ensure that for tenants, access and control of their data is simple and easy. By streamlining your business processes, this should improve efficiency and possibly offer savings for the business.

Building and maintaining a privacy culture needs to come from the top. The senior leadership team needs to be involved from day one, there needs to be constant monitoring of policies and procedures, a well-defined staff training programme and a communications structure that constantly reminds and updates staff regarding data privacy.

Nearly there…

Do you know where your data travels to? You need to know. You need to be able to prove that you are doing everything you can to be GDPR-compliant, so make sure you have an audit trail, log all training, changes to policies, notices and procedures and if anyone comes knocking, you can show them.

Don’t panic. GDPR is not something to be scared of; instead see it as an opportunity to spring clean your organisation and showcase your organisation in the very best light, use it to build trust and enhance your reputation, so take it as great opportunity.

Karen Cheeseman is a GDPR and data consultant at Privacy Trust.

See More On:

  • Vendor: Privacy Trust
  • Topic: Housing Management
  • Publication Date: 062 - March 2018
  • Type: Contributed Articles

Primary Sidebar

Most Recent Articles

  • Free cyber-defence tools from NCSC
  • Learning from history
  • Grand Union Housing gets connected with Aico HomeLink
  • The silences in the system: Predicting and preventing damp and mould
  • Looking back and to the future: Cyberthreats in social housing
  • Hyde signs repairs contract with Totalmobile
  • Fuelling high performance automation
  • Morgan Sindall’s Carbon Zero decarbonisation tool
  • An ethical approach to arrears
  • Housing and the ever-evolving workplace
  • Supporting residents with home safety risks
  • Less innovation & more service design at RHP
  • Ateb Group outsources IT help desks to Central Networks
  • Capital Letters partners with Evo Digital to tackle homelessness
  • Calico appoints M247 for digital transformation
  • 24/7 care requires 24/7 technology
  • Govtech trends for 2023
  • Are you ready for business process automation?
  • Lincoln council moves to the cloud with Civica
  • Why do IT business improvement projects fail?
  • Flagship and Ebrik launch augmented reality app
  • Following the golden thread
  • Setting the standard for carbon-monoxide protection
  • The business case for data
  • Digital twins – When, not if…
  • Using data to build communities
  • The cyber-security jigsaw’s missing piece – Managed detection & response
  • Cyber-security challenges in housing
  • Digitalising retrofits with SHDF & HomeLink
  • Tips for improving care and support

Footer

Housing Technology
  • Instagram
  • LinkedIn
  • Twitter
  • YouTube
  • Contact
  • Free Subscription
  • Book an event
  • Blog
  • Search All Articles
  • Research
  • Update Your Subscription
  • Privacy Policy

Welcome to the housing Technology – Trusted Information For Business Professionals in HOusing

Housing Technology is the leading technology information service for the UK housing sector and local governments. We have always believed in the fundamental importance of how the UK’s social housing providers use technology to improve their tenants’ lives.

Subscribe to Housing Technology to gain market-leading research, unsurpassed peer networking opportunities and a greater understanding of your role to transform your business.

Copyright © The Intelligent Business Company 2022 | Terms and Conditions | Privacy Policy
Housing Technology is published by the The Intelligent Business Company. A company with limited liability. Registered in England No. 4958057 | Vat Registion No. 833 0069 55.

Registered Business Address: Hoppingwood Farm, Robin Hood Way, London, SW20 0AB | Telephone: +44 (0) 20 8336 2293

htc23 pop banner