BSS11 – I do, I do, I do, I do, I do

Garth Wader - IT Guru

The mailshot has produced some unexpected interest that takes a toll on Sydeline.

Keeping track of everything that you need to do in your business is difficult.  But there are some basics, like getting consent from people to use their data.  

Mike and Russell introduce the acronym RESPECT and discuss the basics of becoming and remaining compliant with data protection and the vast array of other business regulations.

Timings

  • 00:20 - Scene 11.1 Should have got that 'I Do'
  • 03:54 - Scene 11.2 A little R E S P E C T
  • 07:00 - Discussion between Russell & Mike
  • 07:28 - Why can Emails be blocked?
  • 08:30 - Ignorance is no excuse
  • 09:56 - Where to start with Data Protection
  • 11:00 - Role of the decision makers in protecting data
  • 11:23 - Showing Professionalism
  • 12:20 - Information Technology's role in data protection
  • 13:38 - Reviewing the R.E.S.P.E.C.T. acronym (see below)
  • 16:45 - What's next?

Useful Information

Basic landscape of business regulation (@00:00)

The Agency Workers Regulations, 2010
Agriculture (Safety, Health and Welfare Provisions) Act 1956
Children and Families Act 2014
Companies Act 2006
The Companies (Model Articles) Regulations 2008
Companies (Audit, Investigations and Community Enterprise) Act 2004
Computer Misuse Act 1990
Copyright Act 1956
The Copyright (Amendment) Regulations 2016
Corporation Tax Act 2010
Digital Economy Act, 2017
Data Protection (Charges and Information) Regulations 2018
Data Protection Act 2018
Electronic Communications Act 2000
Employment Act, 2008
Employers’ Liability (Compulsory Insurance) Act 1969
Employment Medical Advisory Service Act 1972
Employment Relations Act, 2004
Employment Rights Act, 1999
Enterprise Act 2016
Environmental Information Regulations 2004
Environment and Safety Information Act 1988
Equality Act, 2010
Factories Act 1961
Freedom of Information Act, 2000
Fraud Act 2006
General Data Protection Regulation, 2016
Control of Asbestos Regulations 2012 
Health and Safety (Display Screen Equipment) Regulations 1992
Electricity at Work Regulations 1989
Control of Electromagnetic Fields at Work Regulations 2016
Health and Safety Information for Employees Regulations 1989
Provision and Use of Work Equipment Regulations 1998 
Health and Safety (First-Aid) Regulations 1981
Control of Substances Hazardous to Health Regulations 2002 
Work at Height Regulations 2005 
Control of Lead at Work Regulations 2002 
Management of Health and Safety at Work Regulations 1999
Manual Handling Operations Regulations 1992
Control of Noise at Work Regulations 2005 
Health and Safety (Offences) Act 2008
Employers’ Health and Safety Policy Statements (Exception) Regulations 1975
Personal Protective Equipment at Work Regulations 1992
Reporting of Injuries, Diseases and Dangerous Occurrences Regulations 2013
Health and Safety (Training for Employment) Regulations 1990
Control of Vibration at Work Regulations 2005
Health and Safety at Work etc Act 1974
Workplace (Health, Safety and Welfare) Regulations 1992 
Income and Corporation Taxes Act 1988
Income Tax Act 2007
Income Tax (Earnings and Pensions) Act 2003
Income Tax (Trading and Other Income) Act 2005
Mental Health (Discrimination) Act 2013
National Minimum Wage Act 1998
Modern Slavery Act 2015
National Insurance Act 1974
National Insurance Contributions Act 2015
Payment Card Industry Data Security Standard
The Privacy and Electronic Communications (EC Directive) Regulations 2003
Pension Schemes Act 2017
Pensions Act, 2014
Offices, Shops and Railway Premises Act 1963
Private Security Industry Act 2001
Safeguarding Vulnerable Groups Act, 2006
Small Business, Enterprise and Employment Act 2015
Trade Union Act 2016
Transfer of Undertakings (Protection of Employment) Regulations, 2006
Value Added Tax Act 1994
The Value Added Tax (Amendment) Regulations 2018
Work and Family Act, 2006
Working Time Regulations, 1998
Working Time (Amendment) Regulations, 2007

Show R.E.S.P.E.C.T. (@00:00)

  • R - Roles - Who does what
  • E - Education - Raising understanding
  • S - Standards - Know the rules
  • P - Policy/Process/Procedure - Define the rules, route and instructions
  • E - Enforcement - Make sure it's done
  • C - Communication - Open discussion
  • T - Testing - Does it work, prove it!

Episode script

CONTINUITY: Jakob and Zelda are having their weekly meeting to catch up.  It’s Monday morning and the email debacle continues.

JAKOB: So, 18 leads for all that effort, poor Michaela

ZELDA: She’s fine, but we are now having problems with our email service

JAKOB: Problems?

ZELDA: Well since Thursday we’ve been unable to send emails and we’re still getting the abusive ones coming in

JAKOB: No emails?

ZELDA: We were blocked by our internet provider for sending spam email.  Garth is looking into it.  Shall we get an update from him now?

JAKOB: Had better.

(Knock, knock, knock)

ZELDA: Oh, Come in Bryock, great timing. (Bryock enters)

BRYOCK: Felicitations to you both!

JAKOB: Morning Bryock (rolling eyes)

ZELDA: Bryock, could you get Garth to pop in and see us please

BRYOCK: Yes Ms Zero and whilst I’m gone I thought you should have early sight of this (passing a letter to Zelda)

ZELDA: Thanks

JAKOB: What is it?

ZELDA: A letter from the Information Commissioner’s Office

JAKOB: Oh right, what’s that about

ZELDA: Err, they’ve opened a case on Sydeline following 53 separate concerns being lodged with them.

JAKOB: What? Let’s have a look.  It says here that they have been unable to ascertain who is accountable for protecting personal data in the organisation from our website and that they are unable to find a Data Controller Register entry for us.

ZELDA: Data Controller Register?

(Knock, knock, knock – tuneful)

ZELDA: Uh, come in?

GARTH: Morning Zelda, Jakob, you asked for me to pop in

ZELDA: Oh yes, yes we did.  Sorry, bit flummoxed by a letter we’ve just received

GARTH: Ahhh, the ICO I see… Probably raising concerns about our actions last week on email

JAKOB: Yes… yes it is. How did you know?

GARTH: Oh, well, when Michaela told me what has happened I guessed it would come to their attention.  Did you report it?

ZELDA: Report what

GARTH: The breach of 30,000 natural persons’ privacy

ZELDA: By who

GARTH: By us

JAKOB: (irritated) What are you talking about Garth?

GARTH: Ok, sorry, thought you realised.  I was focusing on resolving our relationship with B 2 B 4 E Mail to get our email service reauthorised.  My assumption was that you understood that you had purchased a poor quality email list which didn’t have the appropriate consent secured and that the horrendous backlash we had already suffered had forced you to bring the incident to the attention of the ICO

JAKOB: (flustered) Why on earth (calming down) Why didn’t you tell us?

GARTH: (matter of fact) Email service was down!

ZELDA: Thing is… We didn’t know about.. You know… About what you just said

GARTH: Oh yikes! So, the ICO are following up on concerns reported to them by members of the public?

ZELDA/JAKOB: YES!

GARTH: Ahh, that’s not good.  Well it may be alright if you can show them that you’re on the road to being compliant with latest regulations

ZELDA: Which are…?

GARTH: Oh the General Data Protection Regulation and, probably more applicably, the Data Protection Act 2018, or DPA18, which is what I like to call the little beauty.

JAKOB: Little beauty! You seem to know a lot about it

GARTH: Only what I’ve read

ZELDA: Clearly more than we know

GARTH: Well, I wouldn’t like to say that

JAKOB: We would.  Sit down. We need to put a plan together

GARTH: But email…

ZELDA: Good grief!  This has priority over running the “Death Star” Garth

CONTINUITY: It’s two days into the information breach and the investigation from the ICO. Zelda and Jakob escape the office and convene at the Dog and Bone

ZELDA: God! That has to have been the worst start to a week… EVER!

JAKOB: It’s not good.  We’ve got a way to go with this DPA18 compliance stuff too.  I’m not sure our efforts will be rewarded by avoiding a fine

ZELDA: A fine – oh that could bring us to our knees, no matter what size it is.

JAKOB: Don’t worry, I can keep us going through this, just don’t tell your dad… Oh and here he is, (sarcastic) great!

NERO: And how are my two favourite people?  Looking a tad frazzled!

ZELDA: It’s been a tough week, we’ve…

JAKOB: (interrupting) had a lot of good leads in and sales are going well

NERO: Really, what about the ICO investigation?

JAKOB: (surprised) What?

ZELDA: How did you know?

NERO: The ICO announce their actions on Twitter and their other feeds

ZELDA: Oh no

NERO: Don’t worry, I’m sure it’s just a formality.  You’ve got your compliance arrangements in place haven’t you?

JAKOB: Starting to hate that word

ZELDA: What compliance?

JAKOB: Yeah, sounds so oppressive

NERO: I like to think of it as Respect

ZELDA: Respect?

NERO: Yes sweetie, Respect for the health and safety of your people, respect for the laws of the land, respect for the requirement to pay tax and report to the proper bodies.  In fact, R E S P E C T is an acronym too… Hold on (looking on phone), where is it… Ah, here you go

ZELDA: Roles, Education, Standards, Process, Enforcement, Communication and Testing – what’s that then?

NERO: The things you need to consider in becoming compliant.  Who does stuff, teaching people. Setting the rules and procedures… etc

JAKOB: So that’s what we need to do to get on top of Data Protection

NERO: Yeah… And Health and Safety, VAT, Corporation Tax, Employment Law, Cyber Security and any number of the manufacturing standards that you MUST be applying in the factory.

ZELDA: Oh, yes, yes of course

JAKOB: Are we?

ZELDA: (hard stare and clipped) Yes, we have robust standards in place in the factory.

NERO: Funny thing.  You know that problem we had in the factory before you left?

ZELDA: Yeah?

NERO: Well, Chris’s top notch procedures and record keeping saved our skin to be honest.  The auditors that came in found only minor non-conformities and took only advisory action

JAKOB: Thanks Nero, great pointers there

NERO: Always happy to help if I can – drinks?

ZELDA/JAKOB: YES PLEASE!

Discussion Transcript

Transcript to follow soon

Acknowledgments

Music included in this podcast is broadcast under the terms of the Limited Online Music Licence from the PRS.  Gydeline licence number: LE-0017122

The theme tune, Salami Dreamers, and other incidental music is from the album Quirky Werky, courtesy of Chris Lewis & Realbrass.

Harriet Teagle is the digital artist who created our mascot (Cobot), website graphics, podcast album art and character headshots.  All imagery is copyright of Gydeline Ltd.

Camhayle Theatre Club, from Wadebridge in Cornwall, provided the majority of the cast for the drama.