Protecting Employee Data

Hello Friend
 
It is the first Tuesday in the acclaimed month of love. I am particularly excited about this month because my birthday is in this month. Every new day is a clean slate to start again, to have a course correction or a refuelled energy to keep the tenacity of pursuing your goals and dreams alive. Well, let me save all that pep talk for another day but bottom line is, don’t stop pushing nor talk yourself out of your dreams because you feel time is going but let that be a motivating factor to keep you going.
 
Data, they say, is the new oil; data is required for different purposes and aid various processes. Hence, the importance of data cannot be overemphasized, and which brings the conversation of protection to the table. You will agree with me that whatever is of value is secured for safety. As employees, right even before we join the organizations where we work, there is an exchange of personal data and whether we get the job or not, the data shared remains with them and how this data is processed is unknown to us. Have you ever got those fraudulent job emails? Have you ever wondered how they got hold of your email address and even phone number? Well, let’s just say there has been a breach and the data got into the wrong hands either by wrong storage or a breach during transfer. Once any personal data is not properly stored or used for another other purpose for which it was collected, that means a breach has occurred and data protection is a necessary step to engage.
 
It is common to think that once a person becomes an employee in an organization, their data can be used for various activities or even transferred to a sister organization and used for another purpose without seeking their consent. Data Protection is beginning to gain grounds around the world and employers need to take seriously the management of employee data, not just those of clients or investors. Protecting the data of employees just as the data of every other individual is a must as they are also under the Nigeria Data Protection Regulation (NDPR).
 
Protecting employees’ data is in the processing of the data. There are six principles to be adhered to in processing personal data of all data subjects:

1. Lawfulness: Processing activities must be lawful, transparent, and fair. There must be a lawful basis for any personal data processing activity. So, all the unsolicited emails we receive from fake organizations for recruitment are totally unlawful.
2. Specificity: Personal data must only be collected for specified, explicit and legitimate purposes. Never collect data that you don’t need; also note that the more data you collect the more prone you are to a breach.
3. Adequacy: Personal Data being processed must be adequate and relevant to the processing activity and accordingly limited for such purposes. 
4. Accuracy: Personal Data must be accurate and kept up to date. At intervals, carry out an update of all employees. Never assume any personal information of an employee, no matter your relationship with them as this could lead to errors.
5. Storage: Personal Data must be retained only for as long as necessary.
6. Security: Personal Data must be processed in a manner as to guarantee its security- confidentiality, integrity, and availability.
    

Protecting employees’ data should be priority in every organization and the principles of data processing should be strictly adhered to. At 21Search, we have Data Protection training at both Foundation and Practitioner classes to further enlighten you on Data Protection Regulation in Nigeria and all that it entails. Kindly visit www.ndpacademy.ng for more information.

Until I come your way again, stay safe, work smart and not just hard.

Lizzy.