De-bunking data protection myths

As we become a more connected world, our awareness of our privacy and data protection grows, especially as we see more businesses and organisations falling victim to data losses and breaches.

Cloud sharing is now a worldwide business tool and the proliferation of social media means more and more information is entering the global internet atmosphere.

Public interest and knowledge is on the rise but it will take some time before individuals are as confident with their rights and understanding of data as they are with subjects like consumer rights.

At CFH we handle huge quantities of personal data and so we take our responsibilities very seriously.

What are some common data protection myths?

With that in mind, it is worth considering some of the common misconceptions around data protection and privacy and asking yourself just how much you know about the law and your rights.

1. Personal data is only something that identifies me by name

Consider the party game twenty questions, you can’t name that person but by disclosing some facts about them you can work out who that person is. Personal data can be anything that helps identify an individual from email addresses, car registration plates, bank account details, medical records, shoe sizes, your location and even in some cases opinions about that individual. If you can use a combination of information to identify an individual then that data can be considered personal.

2. Consent is needed before anyone can do anything with my data

Unfortunately, this isn’t true. Some processing of data is necessary. Consider when you start a new job, you will give your details to your employer who will then share the necessary information with HMRC to ensure that you are taxed correctly! This is a legal basis for data sharing. Other examples include vital interests such as the sharing of medical records for life or death purposes or public interest such as the administration of justice. The practice of data sharing, as it is known, is closely monitored and regulated internally by our IT and data protection staff at CFH. 

3. Data protection regulations mainly apply to data on computers

That’s not correct, whilst most data is now held on computers, even paper filing systems can be considered subject to data protection regulations if they constitute structured sets of personal data that can be accessed according to criteria. Here at CFH we are no different and will have records that are kept in paper filing systems that will be subject to those laws. Always consider what data you are keeping, where you are keeping it and for how long.

An ever-evolving concept

The landscape around data protection is changing considerably at the moment due to a combination of factors including the UK’s exit from the EU, growing public awareness and the desire for businesses and organisations to be ethical and trustworthy so like anything else it is worth staying informed.

To find out more about our data protection accreditations, visit: our accreditations page.