No matter what role you’re in, you interact with information every day – emails, documents, spreadsheets, notes, conversations, photos and more. You don’t need to be a data protection specialist to make a big difference. Good data protection can come down to sticking to simple everyday habits.
Here are five practical things you can do to protect people’s information and reduce risk.
Only collect and use the information you genuinely need
It can be tempting to gather extra details ‘just in case’ but holding more personal information than necessary creates avoidable risk. Sticking to the essentials keeps information safer, and processes simpler. Ask yourself, do I need that information? And if not, you probably shouldn’t be collecting it.
Consider what you include in documents and messages
When creating documents or drafting emails, think before adding personal details. Many data breaches happen simply because someone included more information than required.
Ask yourself:
- Do I really need to name the individual?
- Could I describe the situation without identifying anyone?
- Have I removed contact details or sensitive information that isn’t essential?
This could save you from a data breach.
Keep information secure – whether online or offline
Data protection is closely linked to good digital hygiene. Everyday actions can dramatically reduce the risk of data breaches, protecting you, your organisation and the individuals whose data you process.
Some basics everyone should follow:
- Use strong, unique passwords and keep them private.
- Be alert to phishing emails or suspicious links.
- Store files in approved locations, not personal devices or unsecured cloud services.
- Lock your screen whenever you step away.
These simple steps can protect both individuals and your organisation.
Share information carefully and only with the right people
Most data breaches aren’t the result of hackers – they’re caused by human error. Accidentally sending a file to the wrong person, attaching the wrong document, or giving access to someone who shouldn’t have it are common mistakes.
Before you share anything:
- Doublecheck who you are sending the email/file to.
- Make sure the person genuinely needs the information to do their job.
- Only share the minimum required.
If in doubt, ask Information Governance or Data Protection team.
If something goes wrong, report it straight away
Everyone makes mistakes. What matters most is how quickly an issue is raised. Reporting early gives the organisation the best chance of containing the problem and protecting anyone affected.
You won’t be blamed for raising a concern – in fact, quick reporting is considered responsible and helpful.
If something feels “not quite right”, speak to your Information Governance or Data Protection team as soon as possible.
Good data protection isn’t about memorising legislation it’s about everyday awareness, sensible choices and doing the basics well. By doing this we protect the people who trust us with their information.
Written by: Thomas M. – Senior Information Governance Officer