pixel

TRADE ASSOCIATIONS

 

Trade Associations and Data Protection Part 1:

Key Considerations

Data protection is important for any business, regardless of the sector they are in and trade associations face some unique hurdles and opportunities in this field.  While data protection can be a difficult burden for some organisations, trade associations can benefit in some situations. By providing assistance and resources to the members to help manage and alleviate that burden, they provide an incentive for becoming a member. Additionally, preventing data breaches and rectifying non-compliance will positively affect their image and the image of the sector they represent.

However, it is important that trade associations understand their own responsibilities, especially when they arrange events, provide workshops and distribute member information. With all of this in mind, trade associations should consider the following to get the benefits of data protection and avoid the chances of suffering a breach, or not complying with the law.

  1. What laws and regulations apply to you and your members? Trade associations cover a wide range of industries and sectors, most of which will have their own regulations and codes of conduct, which may cover data protection and privacy. For example, the financial service sector is regulated by the FCA and organisations that handle children’s personal data should follow the ICO’s code of practice for age appropriate design. We recommend creating a legal register, which records the laws, rules and standards that apply and what you are doing to comply with them, as they will help to track this and will also be able to show compliance if you are ever audited.
  1. How can you help your members? One part of the duties of a trade association is to provide advice and guidance for the benefit of their members and with the serious consequences of not complying with data protection laws, advice in this field is very valuable. Holding workshops, providing templates, having expert consultants and providing access to shared resources, such as data protection officers, will help ensure that everyone remains compliant and provides an incentive to join your association. Another action you can take is to draw up a code of conduct and to get it approved by the ICO. This provides many benefits to all that agree to follow these codes, including easier international data transfers.

  1. What training is needed? As most data breaches are down to user error, training can be an enormous factor in stopping data breaches. Supplying training as part of your membership can not only help to prevent data breaches but will also add value to your offering, as cyber skills are very useful and easily transferable.
  1. What value a Data Protection Officer (DPO) can add? Whilst a Data Protection Officer may not be required in all cases, you should consider appointing one anyway, as all of the members can make use of their services. This not only helps you to comply with data protection legislation and avoid breaches but also adds value to your offering and helps ensure that your members are compliant. 
  1. How does data flow between you and your members? Trade associations often publish the contact details of their members internally, they may also have run programs where several members cooperate on a project, which may involve the sharing of personal data. In such situations, it can be confusing as to who is in charge of the data and what everyone’s roles and responsibilities are. With the potential of things getting missed in this confusion, it is critically important that the data flows are documented and controlled. To do this we would recommend you conduct a comprehensive data mapping exercise.

….To be continued in Part 2

If you want to speak to one of our experts about any of the content in this article, you can book a free 30 minute no commitment consultation here.

RELATED PRODUCTS