top of page

Happy Data Privacy Day!

Writer's picture: Hannah WebbHannah Webb

Did you know that Data Privacy Day takes place on the 28th of January every year to raise awareness and promote privacy and data protection best practices?


It is a subject I got interested in before my HR career. After doing A-Levels, I joined BMW in Oxford, home of the Mini, as a Logistics Apprentice. Over 60 of us joined, and in our first week it was drummed into us that data protection was pivotal, and examples were given: if we were sat in the pub we should not talk of new models being worked on, we should always lock our computers when stepping away, never leave confidential information laying about... the list goes on. This stuck with me - and we were told of the consequences of breaching this!


We now have the Data Protection Act 2018 which is the UK's interpretation of GDPR (General Data Protection Regulations), and some find this topic dull but I find it really interesting.


  • To keep it simple I always advise people to avoid contentious points being put in writing (on any platform) - for example if you have an employee who is not performing, keep the relevant points for their performance meetings - not in an email trail to your peers, complaining about them!

  • Treat personal data like a valuable tool – you wouldn’t leave expensive equipment lying around, so don’t leave sensitive data exposed. Use secure passwords, encrypt files, and keep paper records locked away - think before printing too. If your staff need access, make sure it’s only the right people for the right reasons.

  • Holding on to personal data for too long is risky and unnecessary. Set clear timelines for how long you’ll keep records, such as CVs, disciplinary notes, or employee addresses. When you no longer need them, dispose of them securely – shred paper files and delete electronic records.

  • It is becoming increasing common for employees or job applicants to submit a Subject Access Request (SAR), which is where they apply for a copy of their data held by the organisation - it might be their employee file, emails exchanged where they are the subject, training records - the list is not exhaustive. How do we recognise a subject access request (SAR)? | ICO

  • Engineering and manufacturing often rely on automation and tech, but be mindful of privacy risks when integrating these systems. For example, ensure employee tracking tools or monitoring software are used responsibly, respecting privacy and only for legitimate business purposes.

  • Did you know that companies can be fined up to 4% of their turnover if they breach data protection laws? This is not to scaremonger, but it is a sobering figure if severe breaches are found. It is such a fundamental part of employing people, but one in which people can go wrong.

  • As a leader, show your team that privacy matters. Follow your own policies, handle information carefully, and encourage an open culture where employees feel comfortable raising concerns about data security.


By building good habits around data protection, your business will not only comply with the law but also foster trust, loyalty, and respect among employees and customers. Think of it as protecting both your people and your reputation – a win-win! If you have any need for HR support from strategy to operations, do get in touch.



Image of a contract of employment for an apprentice at BMW

3 views0 comments

Recent Posts

See All

Comentários


© 2025 Hannah Webb People Consultant Ltd 

Registered company number 15770552. VAT registration number 474 4285 69

bottom of page