There’s a new acronym causing a lot of consternation in the business world right now. GDPR. We’ll forgive you if you’ve not taken much interest – after all, General Data Protection Regulations don’t sound all that exciting, do they? With the fact that this bit of legislation is a European directive and an imminent Brexit, it would be easy to think there was nothing to worry about. If you are thinking like that, sorry, but you’re wrong. Data protection matters to every one of us.
Firstly, let’s look at the European angle. The legislation is effective from May 2018, and at that date, we’re still in Europe. Then, our own Data Commissioners are supporting the changes – even outside of a Brussels legislature, the UK will comply because business is international, and trade depends upon it. Also, data is no longer confined by national borders. You may assume you do no business overseas, but if you store data in the cloud, or have a European citizen on your mailing list, effectively, that’s what you’re doing.
In the years since the original Data Protection Act was introduced, there have been huge changes in technology and, more recently, an alarming rise in cybercrime. Organisations hold vast amounts of valuable personal data, but under GDPR, it’s no longer acceptable for them to store information without explicit consent. Data breaches must be notified. Individuals have the right to be forgotten.
Like it or not this is one of the biggest shake-ups for information management we’ve seen in years, and the fines for failing to comply with the provisions of GDPR are huge. But it’s not just about fines, it’s about responsibility and recognising and respecting the value of personal information.
That’s why organisations all over the country are preparing for the changes. And that includes us. We’re undertaking a full review of our processes around data management and considering that in the light of the risks to ourselves and to others. We’re looking at security strategies, policy implementation, how we handle data subject requests, at audit trails and the tracking of data processing activities. We’re looking at how we protect privacy and how we would handle and remedy a breach. We’re reviewing consent mechanisms and implementing appropriate changes. In short, we’re designing data protection into all our activities because your data security matters to us.
We are making excellent progress and are certain that by the May 25th deadline we will be fully compliant and that, consequently, our data security standards will be better than ever.
Will you be ready too?