Data Protection and the Virtual Assistant
Data Protection is one of those areas where if you ask 10 different people “Do I need to be registered?” you’ll get 10 different answers. So we wanted to clear this one up: As a UK VA, you DO need to be registered.
Already registered? Click here to find yourself on the list and to find your registration number.
Here’s why:
Firstly because you will be holding and storing data on your own clients. So that might be as simple as their email address to send them an invoice, or it might even be an all-singing and dancing CRM. It doesn’t matter – you still have a responsibility to them to keep that data secure. And therefore you need to understand what “secure” means and what would constitute a data breach.
Secondly your clients may well ask you to process data on their behalf, and as someone handling that data, you need to know best practice to protect your clients, but also to protect yourself. It is your phone number which will be reported to the ICO if you make unsolicited calls to TPS registered numbers.
Your data handling responsibilities:
- Who is responsible for the security of this data? E.g. removing unsubscribe requests, keeping details up to date, deleting old data, dealing with queries from those on the list about the data, making sure that only those who actually need the data have access to it within the organisation.
- Where has this data come from? E.g. has the contact actively opted in to receive this information?
- Access: Where is it stored? Who has access to that? So if it’s on an old computer, who makes sure it gets digitally wiped before being recycled? Do you make sure that no one else can access their private details (using BCC function/emailing programmes)?
At £40 a year, it’s not a massive financial burden, and it does give your clients confidence in your professionalism.
You can register here: https://ico.org.uk/for-organisations/register/
IMPORTANT NOTE:
When you fill in the questionnaire on the the ICO website or if you speak to someone at the ICO, bear in mind that as a Virtual Assistant you will be both a data controller and a data processor. Many do not realise this and that affects the answers given when corresponding with the ICO.
What would you state as the Sector and Nature of Work drop downs on the Data protection Registration form online? Currently can’t see anything that a VA would come under unless I select ‘Media’ or ‘Other’ for the Sector, and ‘nature of work’ drop down doesn’t include anything resembling VA or administration/Editorial work. Would it just be classed as ‘General Business’. Grateful for any support you can offer so I don’t select or edit the wrong thing whilst registering.
Hi Daniella
This is one of my bugbears with the HMRC classification system and what we do – there is no “one size fits all” or specific VA definition so you need to pick the one which matches what you do as closely as possible… A heck of a lot of us just put “Consultant” under OTHER but you might offer accountancy services and want to put that in?
Thank you for the above Caroline. I have just registered for the DPA.
I am just starting up, and hadn’t realised what was required.
I don’t understand or know how to add the cookies disclaimer on. Would you be able to help?
Your help is much appreciated.
Anita
Hi Anita
ICO have recently tweaked their guidance on this – you need options for the visitors to opt out before they enter the site. Basically that means a pop up.
More info here: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2019/07/blog-cookies-what-does-good-look-like/
Hi, I’m hoping to start working as a membership secretary for a charity later this year – where can I get the right training for this, for CRM and for data protection in order to register for that too – I assume a training course is needed to register to show that you do know how to keep data safe?