How to protect your personal data?

Every day, you need to provide personal information in order to go on with your daily activities, e.g., give your personal identification documents and contact details to your Employer, or the name of your kids and other information to their school; or your medical history to doctors, etc. The solution is not to stop providing data to keep yourself safe of unauthorised or unlawful processing -which is quite impossible anyway- the point is to take all the reasonable steps to ensure safety.

Useful? Embed this infographic on your website.

That being said, how we can ensure safety? Hopefully, my thinking will give you the questions that you should ask before providing your data to ensure that nothing is left to chance when it comes to protecting your privacy and personal data.

  • Who is asking for your data?

It’s important to know who you are giving access to decide whether you trust or not. For instance, you may trust your Bank with your personal data but not their third-party providers of marketing as well as you may trust entities located and processing personal data under EU law and not the ones outside the EU/EEA area.

A way to assess the commitment of the entity that you are thinking to entrust your data is to corroborate the available tools they have in place for you to exercise your rights.

  1. What data has been requested?

For example, it is understandable that your Bank asks for your personal identification documents and contact details to open you a bank account. What would be unexpected is if they ask you for your university grades, or the result of your doctor’s appointments, or your use of dating apps for opening you a bank account. You see, it is important to know what they are asking to decide if it is appropriate or not to provide with.

  • Why they need the data for?

You have the right to request what is the intended processing of your data and the legal basis for the processing. For example, you may provide your personal identification and contact details to your Bank and approve the processing of it, as far as it is necessary to open your bank account; but you may not agree to provide it for opening credit lines. They must inform you beforehand, so you can carefully consider and take a decision.

  • How will the data be processed?

By automated means or with human intervention? What is the logic involved and the envisaged consequences for you? With who your data will be shared? And why? And how the personal data is back up and secure by all the parties intervening when processing your data?

All this information must be handed to you beforehand. Always review the Privacy Policy and the use of cookies and other tracking technologies.

  • For how long will the data be retained?

Naturally, if you are closing your customer account, the entity should erase your personal data from their records since, there is no more need to process it thus, to retain it. However, there are situations where the entity may need to preserve your data for more extended periods. For example, when you close your bank account, the Bank may keep your information for the next five (5) years to fulfil its legal duties of Anti Money Laundering and Counter-Terrorism Financing.

Please note this is not legal advice. I can not know what your particular situation is. However, I believe that the answers of Who, What, Why, How and For how long, will provide anybody with the essential information for taking a well thought-out decision.

FURTHER RESOURCES:

Principles for the Processing of Personal Data under the GDPR

Who is the Data Controller and what are its responsibilities under the GDPR?

Jessica Lam

Jessica Lam

Advocate, Consultant and Co-Founder of TALACKA Ltd., a full-service software development company integrated by developers, designers and data protection specialists.
Jessica Lam

Leave a Reply

Your email address will not be published. Required fields are marked *