So, you may have heard of the GDPR, which will be enforced from 25th May 2018, and you may know about the UK Regulator’s vision of increasing data trust and confidence across the UK public
The ICO recently emphasised the importance of data protection in the digital age, at a conference, and highlighted some opportunities (and challenges the GDPR brings):
- GDPR is an indicator of change
- It is a response to the challenge of upholding information rights in a digital age – protecting rights of individuals in the context of an explosion in the quantity and use of data, in an environment of rapid technological change
- GDPR will be an important part of the global data protection landscape over the years ahead
- GDPR confers new rights and responsibilities on organisations, and ORGANISATIONS NEED TO BE WORKING NOW TO PREPARE FOR THEM https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf
- The organisations which will thrive under GDPR will be those who recognise that the key feature of GDPR is to put the individual at the heart of data protection law – think about how people want their data handled and you won’t go wrong
- Transparency and accountability are at the heart of GDPR. What does that mean? Being clear with individuals how their personal data is being used, and demonstrate how you are putting high standards of data protection at the heart of how you do business.
- Without good practices, businesses may lose customers’ trust, which could be so damaging for your reputation and your organisation
- Trust can lead to a competitive advantage
- Rights for individuals include: right to be informed about the use of their data; the right of access to their information and move their information around; the right to correct their data and erase information where appropriate; the right to withdraw consent; and the right to challenge profiling and other automated decision making.
- There are new requirements to carry out a Privacy Impact Assessment and ensure systems are designed with privacy in mind
- Increased responsibilities for data processors, including to maintain records of processing activities, keep data secure by having appropriate technical and organisational measures in place
- Organisations must report personal data breaches to the ICO within 72 hours of becoming aware of them – do you have the systems in place to do that?
- Data analytics and profiling are key issues for online businesses, who want to understand the online users even better
And that doesn’t even start to look at how you can send marketing information to individuals… that will be the subject of a future blog.
With less than 12 months to go before enforcement of GDPR, we are going out to do training sessions at board level for our clients, those responsible for HR team, marketing teams, and operations, health and safety. So depending on your business, which will be impacted, it’s important to start thinking about how we can make sure we don’t fall foul of the new rules.
We are helping clients every day, and they are asking us a number of questions about GDPR, and how it will impact… and we’ll be blogging the answers to those questions over the coming weeks and months.
We have some practical steps to start to take to understand how ready you are for GDPR – first step, is starting to understand where your business is RIGHT NOW… here’s a link to the ICO assessment if you’d like to do a quick check https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/getting-ready-for-the-gdpr/
Watch this space. We are here to help, to explode some myths, and help you. Keep with us. We know what we are talking about.
Being an online business, you are at the heart of the change… you have a major stake in increasing public trust and confidence among the public. By putting the individual in control of their own data, you can deliver that change positively with active benefits for your business… in terms of increased customer trust, confidence leading to increased revenue.