In the dynamic world of compliance, understanding the intricate parallels between different sectors is key to evolving and refining our practices. A prime example lies in the striking similarities between health and safety (H&S) and data protection management. Surprisingly, they share a core concern: safeguarding individual rights, be it the right to life in H&S or the right to privacy in data protection.
The implementation of the Health and Safety at Work Act in 1974 marked a pivotal moment in the H&S compliance space. Since its inception, the field has undergone a remarkable evolution, shaped by nearly five decades of experience, adaptation and continual improvement. The Act laid the foundations for a systematic approach to ensuring workplace safety, paving the way for stringent regulations and meticulous oversight. Over the years, H&S professionals have diligently studied accidents, dissected near misses and fine-tuned their strategies to create safer environments. Through rigorous reporting mechanisms, thorough investigations and proactive risk mitigation, the H&S landscape has seen a significant reduction in workplace incidents. This progression stands testament to the effectiveness of a robust legal framework coupled with a proactive, learning-oriented industry. The journey of H&S compliance since the enactment of the Health and Safety at Work Act serves as a beacon, illuminating the path for other compliance domains, including data protection, to similarly evolve and mature in their pursuit of excellence. By understanding and embracing the lessons learned from this journey, data protection professionals can glean invaluable insights and apply them to fortify the future of data privacy and security.
Lessons from the accident triangle
In H&S, the ‘accident triangle’ illustrates the escalating seriousness of incidents: for every fatality, there are multiple serious accidents, and for each serious accident, several minor incidents occur. This hierarchy demonstrates the critical importance of addressing near misses – incidents that could have led to accidents but fortunately did not. Similarly, in data protection, focusing solely on major breaches is not enough. A near miss in data protection terms could be an email platform consistently auto-filling the wrong email address, which someone manually corrects each time to ensure information isn’t shared with the wrong recipient. Acknowledging and addressing near misses such as this, is crucial. Encouraging a culture of open reporting, even for potential mishaps, provides invaluable insights into risks and fosters proactive privacy protection.
Cultivating a reporting culture
Unlike H&S management, where reporting near misses is commonplace, data protection often lacks this open culture. In H&S, you can expect a mistake such as temporarily blocking a fire exit to be quickly reported and rectified, and a staff-wide email sent to prevent future incidents. However, similar alerts are unlikely to happen in relation to data protection. What data protection professionals should aim for is a similar mindset relating to personal data. Imagine an employee proactively alerting the data protection team about recurring autofill errors, foreseeing the potential for a significant mistake. Such transparency is the cornerstone of effective data protection. Encouraging employees to report potential issues without fear of consequences facilitates a proactive stance against privacy breaches.
The path forward: learning from other compliance arenas
By delving into the practices of other compliance arenas, data protection professionals gain fresh perspectives and innovative solutions. Embracing lessons learned in different realms fosters a holistic approach to compliance. Just as H&S experts have honed their techniques over decades, data protection specialists can draw from this wealth of experience to refine their strategies and fortify their programmes.
In summary, the journey towards robust data protection doesn’t happen in isolation. It’s a collaborative effort, drawing inspiration from diverse sectors and embracing lessons from various compliance programmes. By understanding the parallels with H&S management, data protection professionals can pave the way for a more secure, transparent and proactive approach to safeguarding sensitive information. Let’s bridge the gap, learn from one another, and collectively elevate the standards of compliance in our ever-evolving digital landscape.
As Lead Auditor for DQM GRC, I’ve seen first-hand how proactive attitudes towards data protection compliance ensure adherence to the policies and procedures that are designed to protect personal data. Our goal is to help our customers embed data protection principles in their organisation’s culture, leading to better internal communication, earning the trust of their customers, and ultimately winning more business.
Contact DQM GRC to find out how we can support you on your data protection journey, including GDPR gap analyses, supply chain audits and interim consultancy.