08 May GDPR – What’s all the fuss about?
GDPR stands for General Data Protection Regulation. It is EU legislation aimed at ensuring that personal data is given protection which fits with 21st century technology. Here in the UK, parliament is currently debating the UK Data Protection Bill, which will have the effect of bringing this EU legislation into UK law. In so doing, the UK will remain on a par with Europe in terms of data protection going forward, regardless of whatever twists and turns there may be within the Brexit negotiations.
The GDPR was published in 2016. It goes live, and therefore becomes enforceable, from the 25th of this month.
Who needs to know about it?
We all do, but for different reasons. Any organisation which holds or handles personal data needs to be – or become – compliant with the GDPR. This will undoubtedly present challenges for many organisations, but it also creates great opportunities to develop an ethical business which inspires customer confidence.
Individuals: As individuals, we should all learn about the opportunities that the GDPR provides us. Our privacy should not be walked all over, bought, sold and stolen just because there are technical ways that have enabled that to happen. The GDPR puts us back in control of our own data.
For example, there should be no more sneaky terms and conditions which lead to never-ending marketing emails, such as:
□ ‘please untick this box if you no longer want to receive our emails’, or
□ ‘thanks for your order, please tick this box if you would like to receive emails relating to the progress of your order. We will also send you offers which we think will be of interest to you’
After the 25th May, if you unsubscribe from a website's email list, they should – shock, horror – actually unsubscribe you!
Organisations: If you are not a new organisation, it is likely that you have years of personal data held on your systems, or even in paper copy in a filing cabinet. Under GDPR you need to ensure that your physical and technical security is sufficient to protect that data against data breaches – whether that be through physical theft or cybercrime. You need to ask yourselves: what data are you processing (that includes simply storing it)? Do you still need to process it? At what point will you no longer need it? And how do you ensure that you do not process (or store) it for longer than is necessary / lawful?
Where can I get further information?
For small to medium-sized businesses, the Information Commissioner’s Office provides detailed and structured support and advice. Go to https://ico.org.uk/ for more information.
For larger organisations, there are a number of consultants and companies offering a broad range of technical solutions that may help you to understand and manage your data, but GDPR compliance cannot be achieved with technology alone.
Here at Data Solver our software is driven by the requirements of the legislation, created by our combined team of legal & technical geeks, and is modular, so it can be tailored to suit the needs of different organisations. We go beyond one-off templates to create end-to-end bespoke solutions with a focus on process efficiency, flexibility and excellent customer service.