A key principle of the UK GDPR is that personal data must be processed securely. Poor information security can cause real harm and distress to individuals from which they are entitled to be protected. Whenever you are handling personal data you should remember the security measures that we have in place as an organisation. These include:
- being alert to the Safesend message that pops up whenever you are sending an email to an external recipient;
- always confirming email attachments are correct (have strong naming conventions in place and open the attachment before sending to check it is the correct one and does not inadvertently contain personal data that should not be being sent);
- being aware of the dangers of autocomplete and deleting your auto-complete list on a regular basis to prevent historically used email addresses being automatically populated;
- wherever possible copy and paste email addresses rather than writing them down to avoid the chance of typing them incorrectly; and
- when sending hardcopy personal data in the post double checking that it is going to the correct address.