Data Protection: It’s a kind of magic

As a practitioner of Neuro-Linguistic Programming (NLP), I was taught and understand the mechanics of musical 'anchors'. These are pieces of music that evoke a particular emotional state. We all have them, but usually things like a favourite song of an ex-partner that makes us sad or our first song at our wedding that makes us happy when we hear it.

If you have ever worked from home, especially on your own with no other people or pets, keeping focus can be a bit of a challenge. Therefore I have created a little playlist of 'Records related Records'. Or, as I have aptly named it on Spotify, "I love Records (and the GDPR)". I stick this on while working and I find I can get myself 'in the mood' in order to immerse myself in the world of records and data.

Back in mid-2018, I started sharing this playlist with friends, colleagues and those that come on my training courses. Most people look at you as if you're mad (and to be fair, I am) but almost all find the tenuous link between track and records related concept hilarious. Or, at the very least, they get to hear a bit of Queen, ABBA, Simply Red or Britney Spears. You can find this playlist on Spotify for your own enjoyment but I wanted to share some key tracks (and their tenuous) links with you to help inspire you, as they do me.

One of the key ways to help staff remember the principles is to make them more relatable. We often overcomplicate Data Protection training for staff to the point that the Principles are talked about first and then forgotten about in a sea of DPIAs, Breaches, Security etc. An approach to training (and culture) which has worked for me and others in the past is to focus entirely on the Principles and pitch effective information handling in a different way - a personal way.

While there are a number of ways of doing this, and each organisation's culture will demand different ways, one way is through the medium of music. Therefore indulge me while I take you through some records that are great at outlining the different requirements of Data Protection (and by great I mean tenuous but unforgettable!).

Principle 1: Respect - Aretha Franklin. You find many songs about 'lawful' or 'transparent'. But you will find a number of songs on fairness (and unfairness). But the one that most people resonate with will be a bit of Aretha Franklin. Especially as when you as people what is one of the components of 'what is fair', respect is a big and key player.
Principle 2: Better the devil you know - Kylie Minogue. Again, surprisingly, the number of songs on 'incompatible purpose' is quite limited (especially ones you've actually heard of!). But sticking with the original purpose (the devil you know) and not exploring new purposes for that data (the devil you don't) it's 'Better the Devil You Know'.
Principle 3: Somebody’s watching me - Rockwell. Now this one could easily be surveillance or data minimisation. But as I often refer to Principle 3 as the 'creepy principle' I think this works very nicely. Someone is watching everything I do and 'I have no privacy', how very true and something organisations often get wrong. For example, what is my gender needed in order to give me public wifi? Creepy much??
Principle 4: It's not right - Whitney Houston. A beautiful song about how she finds out her partner is cheating on her through his 'inaccuracies' in his story. Principle 4 requires us to keep accurate and up to date, but on occasion things may be a shade of grey or even 'inaccurate' in the Data Subject's eyes - and that's OK. (see what I did there... I did warn you some links were tenuous).
Principle 5: Who wants to live forever? - Queen. This song, has for me, always been beautiful. Apparently, Brian May wrote this song after seeing a particularly poignant death scene in Highlander. It encapsulates the 'death' part of the information lifecycle as 'all Data my Die'. And why would you want to "keep your data forever?".
Principle 6: Safe n Sound - Capital Cities. This is a little unknown modern song, but is very upbeat and references the relationship between people. I especially love the music video as it shows all different genres of Dance together, having a 'dance off'. Now while information security is not a physical dance, it is one in concept. Different aspects, different approaches and types, things always changing and you are always reliant on the skills of people. Some are great dancers, and others have 2 left feet. But all have a part to play to help keep data "Safe & Sound".
Principle 7: It wasn't me - Shaggy. An obvious one, but a brilliant example of the problem with accountability.  In the song, Shaggy maintains 'it wasn't me' when he was caught cheating on his girlfriend even though during the course of the song it becomes more and more evident that it was him. The Accountability Principle requires orgs to show that they are doing certain things. Owning and taking responsibility for their data and the risks around them. And acknowledging when things go wrong (and they will go wrong) instead of saying 'it wasn't our fault guv' (or rather, "it wasn't me").

Then when we look at some of the other aspects of Data Protection, you can have a field day with DP related records. I've given a sample below;

Gimme Gimme Gimme (Abba) - The right of access
Changes (David Bowie) - The right of correction
Stop (Spice Girls) - The right of objection
I want to break free (Queen)- The right of deletion
Locked out of Heaven (Bruno Mars) - The right of restriction
Making your mind up (Bucks Fizz) - Automated decision making

Does your mother know (ABBA) - Parental/Child Consent
Biology (Girls Aloud) - Special Category Data
Another one bites the dust (Queen) - Incidents & Breaches
Holding out for a Hero - The Data Protection Officer
Killer Queen (Queen) - The ICO
Let’s work together (Canned Heat) - Data sharing
Somebody to love (Queen) - Data Analytics

The list is always growing to do feel free to send me recommendations - they are always welcome. To follow the playlist head to Spotify via this link or search for the playlist "I Love Records (& the GDPR).

Leave a Comment

Your email address will not be published. Required fields are marked *