WATCH · Data, Security & Compliance_

The Data Law Your Board Doesn’t Know About

Saleem Beg · Founder, Teque

1:40 · Posted 2 months ago

KEY TAKEAWAYS_

  • Every UK organisation must now maintain documented, auditable evidence of every data protection complaint — who raised it, how it was investigated, what was fixed, and how the outcome was communicated
  • The ICO holds controllers — meaning the board — personally accountable; the Capita fine last October was £14 million, the largest ever issued
  • The law doesn't care that nobody told you — if there's a pause when you ask who owns your complaint log, that pause is your answer

TRANSCRIPT_

00:00

So, I have been in a lot of rooms this year, and I mean boardrooms mostly with CEOs, MDs, founders, and chairs. We've talked about growth, about hiring, about margins, about AI, of course, and about whether this quarter is going to be kind. Yet not once, not once, has anyone mentioned the Data Use and Access Act. Because in 8 weeks, every UK organization needs documented

00:36

evidence of every data protection complaint they've received. It should include who raised it, how you investigated it, what you fixed, and how you communicated the outcome. It should all be logged, retrievable, and auditable.

00:54

And this is not an IT requirement. Very important for you to understand. It sits at board level. The ICO holds controllers, meaning you, personally accountable. The Capita fine last October was 14 million pounds, the largest the ICO has ever issued. You see, the law doesn't care that nobody told you. So, here's what you can do today. Bring this to your next board

01:25

meeting and ask who owns your complaint log. If there's a pause, that's your answer, and you have 8 weeks to sort it out.
