Member Sign In

Armchair Data Ltd

Consultancy, Business Services

Wired Sussex & Armchair Data Enhance Personal Data Practices

Wired Sussex & Armchair Data Enhance Personal Data Practices header image

The Challenge

Wired Sussex supports hundreds of companies and freelancers in the digital sector locally. This comes with many responsibilities, some of which are in relation to both members’ personal data and that of members of the public who sign up for events or look for jobs.

Because of this mix of people whose data is being used and the additional companies Wired Sussex decides to work within the process, who does what, why, and is this appropriate can get complicated. This is especially so without a dedicated data protection team on standby to answer key questions, such as:

– Where is the line between people’s personal data and information about their company?

– Do you always have to delete personal data when someone asks you to, and how do you go about it?

– If you received a subject access request (DSAR) tomorrow, how would you deal with it?

– When two companies work together and use personal data, what is the difference between their roles and responsibilities in relation to it?

The Results

Wired Sussex kickstarted the process with sharing current processes on dealing with DSARs and ‘right to erasure’ requests, and for what purpose they use other companies to help them manage personal data.

What Armchair Data did:

– Reviewed the provided process documents and commented on how to improve current practice;

– Explained key elements that differentiate DSARs and the right to delete, making it easier for the people who deal with them to honour the requests more quickly;

– Provided a ‘DSAR pack’, with a guide on how to reply to DSARs and exemptions to sharing personal data, plus customisable response templates and checklist, ready for Wired Sussex to use;

– Produced reports for internal use on what a ‘controller’ and a ‘processor’ has to do under the UK GDPR;

– Ran two consultation sessions and one training on information rights for the Wired Sussex team, so that everyone is aware of what they have to do when people exercise their rights.

As a result, Wired Sussex:

– Has separate and updated processes for acting on DSARs and the ‘right to be forgotten’, ensuring key stakeholders know what to do and when;

– Can reply to a DSAR without wasting time of the statutory deadline, using the provided templates and guidance;

– Gave an opportunity to not only senior management but also the whole team to understand practical aspects of data protection, which can be used to show accountability;

– Understands personal data and the controller/processor relationship better, especially own responsibilities when it comes to managing both more efficiently.

Find Out More