Navigating Data Protection Risk and Liability at Board level – have you signed up to the JOIC’s Boardroom support sessions yet?
How do you hold the executive to account when it comes to Data Protection? How do you stress-test the effectiveness of the data protection policies and procedures embedded in the organisation? What is your risk appetite, bearing in mind the impact any regulatory action could have on you and the organisation, including the impact of any fines?
The Jersey Office of the Information Commissioner (JOIC) is offering a limited number of boardroom support sessions to help boards and Non-Executive Directors (NEDs) navigate the data protection landscape, helping you to understand both board and manager data protection risks and responsibilities.
The sessions are an opportunity to work with the subject matter experts in a safe space to stress-test the data protection practices in your organisation, and identify the risks before they are realised.
JOIC’s Communications and Operations Manager Anne King explains how to navigate data protection and risk at board level.
The non-negotiable pillars of every organisation’s governance model
Fairness, transparency and trust are non-negotiable pillars of every organisation’s governance model. At the very core of governance and risk management is the treatment of personal information.
Personal information flows throughout every organisation – stop and consider for a moment whether the organisation you help to lead can function without it. Putting this into context, remember that we all expect our personal information to be protected and used fairly and respectfully whether we are a client or a member of staff. Do to others, as would be done unto you…
How do you hold the executive to account when it comes to Data Protection?
Data Protection legislation is in place to help ensure, when it comes to our personal data, that all of us are provided with appropriate legal protections and remedies in today’s highly digitised world. It seeks to hold organisations entrusted with our personal information accountable, to set standards for how that information is used and as a last resort to provide a framework for enforcement where rules are breached.
While good data protection regulation should promote economic growth, its primary purpose is to recognise that privacy is a fundamental human right that is currently under increasing threat. Rapidly advancing technology has transformed privacy risks exponentially. The JOIC is here to help you understand your obligations under the Data Protection (Jersey) Law 2018 (DPJL) and how it in turn helps you maintain client and staff trust.
The DPJL places direct obligations relating to the processing of personal information on businesses and organisations.
The DPJL is based around six principles of ‘good information handling’. These principles place certain obligations on those organisations that are responsible for processing personal data and set the standards for how it must be handled. The DPJL states that an organisation can only process personal information where certain conditions are satisfied. For instance, the processing should be fair, transparent, for a specified and legitimate purpose, and limited to the personal information necessary to fulfil this purpose. Personal information must not be kept for longer than needed.
NEDs are responsible as well
In a recent JOIC survey, 82% of respondents felt it was important for organisations to keep personal information safe and secure.
As a NED you have independent oversight of an organisation so you are able, and indeed required, to constructively challenge the executive directors and hold management to account. Data protection is a fundamental part of the risk management landscape of your organisation and the Data Protection (Jersey) Law 2018 forms part of your statutory duties as a NED; you are responsible for governance and accordingly your organisation’s compliance with its terms.
Boardroom support sessions
The JOIC is offering a limited number of Boardroom support sessions to help boards and NEDs navigate the data protection landscape – sharing best practice and helping you to understand data protection risks and responsibilities for the board and for management.
The JOIC is reaching out to offer support for you and your board on all matters relating to data protection. The support includes practical guidance and tools to help you stress-test how data protection matters are dealt with in your organisation and, accordingly, their impact on the board. These transferable tips will help in all walks of life.
This is an opportunity to work with the subject matter experts in a safe space to stress-test the data protection practices in your organisation, and identify the risks before they are realised.
JOIC support is confidential and non-adversarial. However, as the regulatory body charged with regulating the Data Protection (Jersey) Law 2018, it is our duty to act where non-compliance is identified.
To book your Boardroom Support Session contact Anne King, JOIC Communications & Operations Manager.
Do you have a question about Data Protection that you would like answered? Drop us an email to [email protected]