Create expectations about data being used
Posted: Thu Feb 06, 2025 6:35 am
As above, consider whether there is other personal data that, when combined, could lead to identification of an individual – for example their age, ethnicity, and school combined
As well as thinking about the text data itself, the ‘metadata’ – information that describes the data, like user IDs, timestamps, etc – needs careful handling, as it may allow individuals to be identified
Think about how beneficiaries or service users (“data switzerland rcs data subjects”) may feel about how their data is being used. Many people may be surprised to know their data has been analysed, even if they checked a box to give full consent during collection. Ensure you have a clear Privacy Policy that aligns with your organisation’s values. Have a process of informed consent, which helps them clearly understand what you intend to do with their data and why, and lets them choose to opt in or out without losing access to your services. Emphasise the steps you’ll take to protect their privacy, and the end purpose of this work. If you’re not sure what your clients would be happy with, ask them.
Run a Data Protection Impact Assessment
Running a Data Protection Impact Assessment will include creating a ‘Risk Register’ to identify specific risks within your data (mainly the examples in this blog!). List what actions you’ve taken to mitigate these risks and what the likelihood and severity of any harm might be. Then zoom out and look at the overall impact once your actions have been put in place.
As well as thinking about the text data itself, the ‘metadata’ – information that describes the data, like user IDs, timestamps, etc – needs careful handling, as it may allow individuals to be identified
Think about how beneficiaries or service users (“data switzerland rcs data subjects”) may feel about how their data is being used. Many people may be surprised to know their data has been analysed, even if they checked a box to give full consent during collection. Ensure you have a clear Privacy Policy that aligns with your organisation’s values. Have a process of informed consent, which helps them clearly understand what you intend to do with their data and why, and lets them choose to opt in or out without losing access to your services. Emphasise the steps you’ll take to protect their privacy, and the end purpose of this work. If you’re not sure what your clients would be happy with, ask them.
Run a Data Protection Impact Assessment
Running a Data Protection Impact Assessment will include creating a ‘Risk Register’ to identify specific risks within your data (mainly the examples in this blog!). List what actions you’ve taken to mitigate these risks and what the likelihood and severity of any harm might be. Then zoom out and look at the overall impact once your actions have been put in place.