USER RIGHTS: These are: right to be informed, right of access, right to rectification, right to erasure/to be forgotten, right to restrict processing, right to data portability, right to object and rights with automated decision making and profiling.

Ithas been said that the currency of the modern world is not gold, but information. If that is true, then nearly every business is storing financial information, emails, and other private information that can be invaluable to cybercriminals or other nefarious actors. What is every business required to do to protect its customers’ and clients’ private information?

As a part of our series about “Five Things Every Business Needs To Know About Storing and Protecting Their Customers’ Information”, I had the pleasure of interviewing Ketan Dattani, a multi-award-winning entrepreneur. He holds 23 years of recruitment experience and has a high profile within the sector. He is widely documented as an expert on Employment Law, Employee rights and for providing Careers Advice.

Ketan is the Founding Owner and CEO of Buckingham Futures, a specialist award-winning Environmental Health Recruitment Business that provides bespoke permanent and temporary recruitment and consultancy solutions to public and private sector employers.

Academically Ketan holds a degree in Environmental Biology and a Masters Degree in Environmental Planning and Management. He also holds a postgraduate Certificate in Employment Law and The Certificate in Recruitment Practice which is a nationally recognised recruitment qualification developed jointly by The Recruitment & Employment Confederation and key employers.

Thank you so much for joining us in this interview series! Before we dig in, our readers would like to get to know you. Can you tell us a bit about how you grew up?

Thank you so much for having me! I was born in Leicester in the early 1970s after my parents migrated to the UK from their birthplace of Uganda.

My early memories are of growing up in a small house with lots of uncle, aunts and cousins. With the loss of much of Leicester’s industry during the mid-1970’s my parents moved to South East London to seek employment.

In London, our economic situation wasn’t the best. We lived in a rented room till the birth of my sister. It was then that we were allocated a flat in a council estate.

As a child, seeing my parents daily struggle as Ugandan refugees have contributed to my development and where I am today.

Is there a particular story that inspired you to pursue your particular career path? We’d love to hear it.

From a young age, I established an avid interest in Environmental matters. My interest was sparked when I spent a summer holiday with my grandparents in Coventry.

Even though I was only four years old I remember so vividly the fresh air, clean playgrounds, birds singing and open green spaces.

It seemed a world away from my environs of passed-out vagrants, broken lifts, smashed street lights, graffiti, broken bottles, burnt-out cars and boarded up windows.

Having failed miserably in the school system it was my avid interest in Environmental matters that led me back to into the academic arena and to my choices of undertaking an undergraduate degree in Environmental Biology and a Masters degree in Environmental Planning and Management.

Can you share the most interesting story that happened to you since you began your career?

Leaving a corporate career to set up a self-funded Environmental Health Recruitment Business from scratch from my parent’s box room has been very ‘interesting’ to say the least.

I started Buckingham Futures for personal and professional fulfilment. I love to feel as if I am contributing to something important, an overarching vision for what I can create, and am motivated by change, challenge, and problems to solve.

I was very motivated by the idea of creating something from the ground up. Making the jump from being an employee to starting my own company was exhilarating, rewarding exhausting, relentless, stressful and interesting in equal measures.

None of us can achieve success without some help along the way. Is there a particular person to whom you are grateful who helped get you to where you are? Can you share a story about that?

While a lot of people have helped me along the way, the one person (apart from my mother) who I have always been particularly grateful for is the Head of Science at Hendon College, Dr Theo Cronje.

My teens were a difficult time for me as I was going through a series of failures due to my unshakeable belief in my ineptitude. It stopped me from truly trying to succeed. Unwittingly, I was conforming to a self-fulfilling prophecy I’d set for myself. Dr Cronje believed in me when no one else did. He saw potential in me that I could not see.

Not only did he encourage me through college, but he also encouraged me to apply for University entrance. This was truly foreign ground to me as no one from my neighbourhood had ever been to University!

The more I look back, the more I appreciate pivotal that period under his guidance has been to the rest of my life.

Are you working on any exciting new projects now? How do you think that will help people?

Buckingham Futures are currently heading up the recruitment campaigns for major UK infrastructure projects in partnership with UK airports and seaports in setting up border control facilities in response to changes brought about by Brexit.

We are also working in partnership with numerous Local Government clients forming new divisions to enforce The Health Protection (Coronavirus, Business Closures) (England) Regulations 2020 relating to the closure of pubs, clubs, restaurants and other relevant premises and for COVID-19 contact tracing and interviewing roles.

This will help plentiful people as Environmental Health Professionals play a vital role in keeping the public safe by enforcing business closures and social distancing in workplaces as well as contact tracing and controlling COVID-19 outbreaks.

What advice would you give to your colleagues to help them to thrive and not “burn out”?

The best way to avoid burnout is to ensure the health and well-being of your people is always front and central to your business culture.

It is essential that the workforce learn to love what they do so it doesn’t feel like a job and see challenges as opportunities and it is important for business leaders to take a comprehensive look at what they’re offering beyond salary and traditional benefits. I regularly talk with my employees about what they’d find most helpful in promoting wellness within Buckingham Futures.

Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. Privacy regulation and rights have been changing across the world in recent years. Nearly every business collects some financial information, emails, etc, about their clients and customers. For the benefit of our readers, can you help articulate what the legal requirements are for a business to protect its customers’ and clients’ private information?

Here in the UK, under the UK General Data Protection Regulation (UK GDPR), when a business collects personal information, it must provide the applicant with an information notice, also known as a privacy notice or fair processing notice. This notice must set out the certain required information, including the purposes for which the data will be processed, the legal bases for processing and the period for which the data will be retained. The business could provide the information notice on its website, and send a link or copy of the notice in correspondence.

Beyond the legal requirements, is there a prudent ‘best practice’? Should customer information be destroyed at a certain point?

Yes, when the time comes that you no longer need a document or set of documents, you should destroy them. Providing that they don’t relate to company information, clients or employees.

Customer information should only be stored for a finite period, although that will differ based on the company and the purpose of the data. For example, all business agreements and contracts (such as employment contracts) should be retained for six years before you destroy them, excluding the particular length of any contracts.

In the face of this changing landscape, how has your data retention policy evolved over the years?

At Buckingham Futures, we focus on supplying our clients with total satisfaction, confidence, and enthusiasm. We have built reliability, trust with our clients through honesty and integrity ensuring that their data is being handled sensitively and with confidentiality and as such our data retention policies have evolved under the law.

Are you able to tell our readers a bit about your specific policies about data retention? How do you store data? What type of data is stored or is not? Is there a length to how long data is stored?

Buckingham Futures are registered with the Information Commissioners Office (ICO) and we have a full assurance programme in place, led by senior management, to ensure compliance with GDPR with business continuity plans in place, tested annually with results reported to senior management.

All of our employees receive mandatory training on policies and procedures for handling confidential health information to ensure compliance with privacy/security requirements.

Our data security policy is compliant with the EU Data Privacy Directive (EU 95/46) and the UK Data Protection Act 1998. We have a programme in place to ensure compliance with GDPR.

Delivering comprehensive environmental health insights requires processing significant quantities of data — including sensitive data. We understand how important it is for clients to be able to rely on their data and trust it is being handled sensitively and with confidentiality in mind.

Our approach to Information Governance includes but is not limited to:

• Ensuring processes and offerings meet all appropriate standards and operate within applicable laws, policies and guidelines, including consent and confidentiality.
• Educating Buckingham Futures employees to understand that Privacy and safeguarding of data is a significant part of our corporate culture.
• Working closely with the Information Commissioner’s Office ensuring we are informed of policy changes/challenges.
• Setting clear contractual agreements on responsibilities we are General Data Protection Regulation (GDPR) compliant.
• Undertaking ethical risk assessments and Data Privacy Impact assessments (following the law, ICO to safeguard against unintended consequences.

Has any particular legislation related to data privacy, data retention or the like, affected you in recent years? Is there any new or pending legislation that has you worrying about the future?

Yes, GDPR has been affected by Brexit and as a recruitment agency, we needed to understand the implications as the transition period ended on December 31, 2020.

From January 1, 2021, the UK became a ‘third country’ and new rules apply concerning data transfers. In essence, these rules mean that UK businesses do not need any new arrangements for transfers from the UK, but will need to put in place safeguards to maintain data flows from the EEA to the UK.

The ICO has advised that usually, the simplest way to provide an appropriate safeguard for a restricted transfer from the EEA to the UK is to enter into standard contractual clauses with the sender of the personal data.

In your opinion have tools matured to help manage data retention practices? Are there any that you’d recommend?

At Buckingham Futures, we manage data retention in the house so I am unable to advise if tools have matured to help manage data retention practices or recommend any particular tools.

There have been some recent well-publicized cloud outages and major breaches. Have any of these tempered or affected the way you go about your operations or store information?

We undertake vendor risk management as part of our procurement processes and regularly review security, policies, audit systems, and revise training to employees to ensure we stay on the leading edge of data protection. Our internal systems are set up such that we can pull the plug on a compromised vendor with minimal impact on the rest of the business.

Ok, thank you for all of that. Now let’s talk about how to put all of these ideas into practice. Can you please share “Five Things Every Business Needs To Know In Order Properly Store and Protect Their Customers’ Information?” (Please share a story or example for each.)

Five things every business needs to know to properly store and protect its customers’ information are:

1. DATA STORAGE: Under the UK-GDPR, businesses must create a data retention policy to help them manage the way they handle personal information. If they keep sensitive data for too long — even if it’s being held securely and not being misused — they may still be violating the Regulation’s requirements.

2. LEGAL REQUIREMENTS: UK-GDPR requires businesses to maintain Record of Processing Activities (RoPA), covering the ‘legal basis’ for holding personal data, how it is processed and with who it is shared. Only users that need access should have access.

3. DATA ANALYSIS: The more sensitive the data is, the better you need to protect it, and the more specific you need to be about what you are using it for.

4. USER RIGHTS: These are: right to be informed, right of access, right to rectification, right to erasure/to be forgotten, right to restrict processing, right to data portability, right to object and rights with automated decision making and profiling.

5. SYSTEMS: These need to be regularly audited to ensure policies are being followed, and no cases are falling through the cracks.

You are a person of enormous influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂 (Think, simple, fast, effective and something everyone can do!)

I’d like to see everyone recycling much more, as it helps to reduce energy usage, reduce the consumption of fresh raw materials, reduce air pollution and water pollution (from landfill) by reducing the need for “conventional” waste disposal and also reduces greenhouse gas emissions.

Us Brits are said to be among the highest waste producers in the world. These wastes include those from kitchens, laundries, bathrooms, and gardens as well as industrial waste.

As a parent, I’ve experienced first-hand how my 4 children have an innate connection to the environment. They are naturally very open to new ideas and perspectives whereas most adults have grown accustomed to a certain way of life. They’ve experienced the convenience of living a less environmentally conscious lifestyle. Breaking those habits and changing those ways of thinking can be a huge hurdle.

When we don’t recycle, reuse and reduce, we destroy natural habitats. As it is, our earth cannot cope with the current rate of destruction.

How can our readers further follow your work online?

I am active on Instagram and LinkedIn.

They can connect with me personally (https://www.instagram.com/ketanova/ and https://www.linkedin.com/in/recruitmentandconsultancy/) or follow my company pages

(https://www.instagram.com/buckinghamfutures/ and https://www.linkedin.com/company/buckingham-futures/viewAsMember=true).

This was very inspiring and informative. Thank you so much for the time you spent with this interview!