If you are responsible for governance in a business or other organisation, then you will have heard of GDPR. I hope. The EU regulation comes into force on 25 May 2018. The new rules raise the standard of Data Protection and harmonise the requirements of all member states.
In the UK we already have the Data Protection Act 1998 and it is good. But if you think of all the ways that our ability to process data has changed since the Act, you will realise the new regulations mean that most organisations will have some changes to make in the way they collect, use, store and dispose of personal data.
What does GDPR stand for? General Data Protection Regulation.
Some key changes
- Definition of personal data – strengthened to recognise new technologies and uses of data
- Liability increased to include processors
- Improved definitions of consent
- Changes to the rights of access, to be informed, of rectification, of erasure, to restrict processing, of data portability and to object
- [Often the headline] Much higher fines for breaches
The Information Commissioner’s Office (ICO) provides lots of free information, and a whole industry has sprung up around GDPR, but until we see the final guidance and the ICO has brought its first prosecutions we don’t really know what it means in practice.
Predicting the unpredictable
No-one can tell you what the new rules will hold. But there are some principles we can be sure of.
- If you follow the ICO guidance and actively address aspects of your data management that don’t meet the new requirements, you will be in a better position than organisations who choose to ‘wait and see’.
- If you document what you have done, should there be a breach or complaint against your organisation, you will have a smoother path than organisations that opt to take their chances.
- If your customers, clients, employees, suppliers and partners see you treating their data with respect, you will enjoy a better reputation than organisations that continue to ignore the rights of individuals to privacy.
GDPR is big and scary. But the Business As Usual team believes that a logical approach to GDPR, breaking it down into manageable chunks, will help organisations meet the spirit and the letter of the regulation. This, in turn, will reduce the risks of non-compliance as well as enhancing your reputation.
If you would like to learn more, come to our seminar in Derby on 25 January 2018. Entry is free and we are providing refreshments. We only ask that you consider making a donation to the Multiple Sclerosis Society, who are our hosts.