Protecting data in busy motor factors

This month, Mandy Huntley, PMF’s data protection expert, looks at processes that can cause issues for a busy motor factor, such as warranty returns, where data changes hands and needs to be secured while the process stays streamlined for maximum efficiency.
This is often where poor habits creep in as it can involve multiple systems, sometimes manual moving of data between them, and there’s scope for errors or lapses in security.
Last month I gave you my five top tips for data protection. One of those was “show your working”. When assessing the security and efficiency of a process, I like to start with a blank piece of paper – the bigger the better! I draw out the process in its simplest form. For you to do the same, you could ask yourself the following questions:
- Where does the data come from?
- What do I do with the data as soon as I receive it?
- Who can gain access to the data?
- Do I pass the data on to any other organisation? If so, how?
- Where do I store the data?
- How long do I need to keep the data for?
- What happens when I don’t need the data anymore?
Drawing this out as a flow chart is a good starting point, then you can go back to the beginning and start adding information. Ask yourself these questions to help:
- How do we tell people what information we collect, hold and use?
- Do we need every piece of information?
- How do we protect data at every step of the process?
- What do we know about the companies who provide the systems we use?
- What’s the lawful basis for collecting, using or holding data?
These follow-on questions can lead you down metaphorical rabbit holes. You don’t need to answer every question right now. This can be a large piece of work if you’ve never done anything like it before or if the process is particularly complicated. I often do this for very complex processes where highly sensitive data changes hands several times.
I firmly believe that your approach to data protection should be proportionate. This means that you don’t need to scrutinise every detail as you would if you were dealing with sensitive health information, for example, but you do need to assure yourself that every system you use for personal data, and every process in place, is fit for purpose and doesn’t introduce unnecessary risks for your business or for the people whose data you hold.
Mapping out a process will allow you to identify the unanswered questions. Make a list of these questions, and if you have a lot, prioritise finding the answers; for example, if you have software which was in place when you bought the business and you really don’t know much about it, prioritise that. A really good place to start is with your contract with that supplier. It should tell you whether the supplier is able to access the data held within the system and the process you need to follow should something go wrong. The supplier should be able to tell you the steps they take to ensure that data can’t be lost or inadvertently changed when they make upgrades to the system. Your IT supplier may be able to help with this or a data protection professional will be able to facilitate the conversations and get you the assurance that you need.
You might not like some of the answers you get; if so, you need to consider whether you’re willing and able to accept the risk or whether something needs to change.
If you can look at a process and remove even one single email from it, that’s one less step to take, less information flying around on email and one less chance to lose the data.
Why is all this important?
Even with extensive planning and protections in place, things can still go wrong. People will still leave a piece of paper lying around, send an email to the wrong person or mistype something in a system. If this happens, you may need to tell the people affected. In some cases, you may need to report it to the Information Commissioner’s Office and potentially even the police. Done well, the process map that I’ve walked you through demonstrates that you’ve considered every step of the process and taken action to gain assurance or make changes where you need to.
Data protection doesn’t have to be overwhelming. If you need support, please drop me an email. Likewise, if you embrace the blank piece of paper and turn it into a fabulous process map, I would love to hear about it. Mandy@mandyhuntley.co.uk
