• About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact
  • Menu

The Risk Coalition

  • About us
  • Raising the Bar
  • Raising your Game
  • The Extra G - Geopolitical
  • Risk Matters - Roundtables
  • Leadership Team
  • Events
  • Blog
  • Contact
analytics-3088958_1920.jpg

How mitigating data protection risk builds trust and confidence with your customers

December 09, 2020

Nicola Wood, Senior Independent Director at the Information Commissioner’s Office (ICO) urges institutions to think about data protection law.

The significant monetary impact of poor data protection practices may have changed views on their importance and consequently changed their risk rating. High profile fines levied against Marriott, British Airways and Ticketmaster, and the fallout, have hit the headlines. There’s no doubt that getting data protection wrong has real societal impacts for the public, and commercial impacts for you. 

Even before the pandemic hit, people’s personal data was shown to be the lifeblood of the economy, playing a crucial role in personal and professional lives. Data is a vital asset and corporates and their audit committees should be asking themselves serious questions about the risks they are willing to take that could ultimately hit the bank balance, damage their company’s reputation and lead to the loss of their customers’ trust, confidence and business.

When it comes to customer information, it is not just an asset for business purposes, it is something deeply personal. It must be thought of in terms of corporate due diligence and oversight. It is not about tick boxing for the sake of it; it’s about genuine risks of causing disadvantage if data is wrong, or data is wrongly shared or data is stolen during a cyber attack.

So where do you start? 

A key data protection principle is accountability. It provides a real opportunity to make data protection part of your business culture and it means not only complying with the legislation but being able to show that you are. The ICO has recently published an Accountability Framework and self assessment toolkit which will help you to set out a roadmap for your organisation, making it easy for you to see what you need to do and how you can improve.

Data protection enables innovation

The ICO supports innovation and economic growth, and it is ready to support the UK as it steps forward in the global economy.

However, innovation and risks do go hand in hand and to mitigate against the data protection risk a Data Protection Impact Assessment (DPIA) is your friend. This enables you to scope out the purpose of your processing at the start of any projects, the risks the processing poses and measures to counter them. If you identify a high risk that you cannot mitigate against, you are required to consult with the ICO.

A modern, pragmatic regulator

The ICO’s approach is focused on working alongside organisations, helping you to make changes and improvements to comply with the law to reduce mistakes and misuse of people’s data. Working to get it right at the outset results in better outcomes for businesses and customers.

The ICO is there to help and there are many ways that you can engage and benefit from its expertise, whether that be via guidance on the website, calling its helpline, by taking part in consultations, applying to the Sandbox or consulting with the Innovation Hub.

Nicola Wood is the Senior Independent Director at the Information Commissioner’s Office. She has a decade’s experience at board level and is a former solicitor and ombudsman.

Screen Shot 2020-12-09 at 00.35.18.png
Tags: Nicola Wood
Prev / Next

Blog

Featured
Apr 15, 2025
Vera Cherepanova
The future of ESG: navigating a fragmented landscape
Apr 15, 2025
Vera Cherepanova
Apr 15, 2025
Vera Cherepanova
Mar 6, 2025
Mo Warsame, Gavin Hayes
Internal audit and risk management must work together to navigate uncertainty
Mar 6, 2025
Mo Warsame, Gavin Hayes
Mar 6, 2025
Mo Warsame, Gavin Hayes
Sep 4, 2024
Polly Williams, Mia Harris
Three key threats of phishing to be aware of
Sep 4, 2024
Polly Williams, Mia Harris
Sep 4, 2024
Polly Williams, Mia Harris
Aug 25, 2024
Felix Ritchie
Principles versus rules in data and corporate governance
Aug 25, 2024
Felix Ritchie
Aug 25, 2024
Felix Ritchie
Jul 16, 2024
Jane Hunter, Mia Harris
How can you maintain high standards in your business without suffering burnout?
Jul 16, 2024
Jane Hunter, Mia Harris
Jul 16, 2024
Jane Hunter, Mia Harris
Jun 2, 2024
Afshan Moeed
Enforcement of individual accountability in UK banking: a new boardroom recipe for change or continuity?
Jun 2, 2024
Afshan Moeed
Jun 2, 2024
Afshan Moeed
May 28, 2024
Craig Morris, Mia Harris
Three exciting new developments for AI in 2024 that you need to know about
May 28, 2024
Craig Morris, Mia Harris
May 28, 2024
Craig Morris, Mia Harris
May 24, 2024
Stefan Hunziker
The stuff of nightmares: risk management is shut down, and nobody notices
May 24, 2024
Stefan Hunziker
May 24, 2024
Stefan Hunziker
Mar 20, 2024
Neil Tinegate
What should boards know about digital technology?
Mar 20, 2024
Neil Tinegate
Mar 20, 2024
Neil Tinegate
Mar 15, 2024
Francis Kean
The insolvency risk for company directors - are you swimming naked?
Mar 15, 2024
Francis Kean
Mar 15, 2024
Francis Kean
Feb 29, 2024
Andy Watkins-Child
Are you sitting comfortably?  Cyber risk, board attestations and the implications for NEDs
Feb 29, 2024
Andy Watkins-Child
Feb 29, 2024
Andy Watkins-Child
Oct 24, 2023
Mamun Madaser
Risk management and internal audit should collaborate to navigate the poly-crisis of risk
Oct 24, 2023
Mamun Madaser
Oct 24, 2023
Mamun Madaser
Oct 18, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 2
Oct 18, 2023
Jim Watson
Oct 18, 2023
Jim Watson
Oct 13, 2023
Nisha Sanghani
Risk management and internal controls: much (needed) work to do as a result of the proposed changes to the UK Corporate Governance Code
Oct 13, 2023
Nisha Sanghani
Oct 13, 2023
Nisha Sanghani
Oct 9, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 1
Oct 9, 2023
Jim Watson
Oct 9, 2023
Jim Watson