On the 28th May 2018, the biggest changes to Europe’s data protection rules since the 1990s will come into effect.
In the last twenty years the way we create, store and work with data on a minute-by-minute basis has changed immensely, and the old data privacy rules simply do not work anymore; they don’t protect us against data misuse.
Your Business and GDPR
Whilst GDPR has become an industry in its own right, many enlightened businesses should only notice incremental changes. In short, if data protection is already important to you now, then interpreting the new rules will be straightforward.
There are almost 100 Regulatory Articles which outline the obligations of businesses and the rights of individuals; however, the key consumer data rights could be described as:
• The right to be informed.
• The right to access.
• The right to rectification.
• The right to erasure.
• The right to restrict data processing.
• The right to data portability.
• The right to object.
• The right not to be subject to automated profiling and decision making.
In short, every business of whatever size needs to ensure that it can justify the retention, usage and manipulation of data, and be able to confirm that what it does with that data is in the customer’s best interest.
In the last few weeks, my business has seen a ten-fold increase in enquiries relating to GDPR. Whilst this is good news for us, it suggests that many businesses are acting at the last minute, leaving an extraordinary amount of work to do before the deadline.
With the deadline looming, there are some important matters upon which every business needs to reflect:
1. Businesses who are found to be non-compliant or in breach of GDPR could be subject to a fine of 2% of turnover (not profit).
2. Most companies will require the services of a permanent or retained Data Protection Officer whose role will be to independently oversee compliance within that business.
3. Every business will need to identify what data is ‘personal’ or ‘sensitive’ within the organisation and whether they have a legal basis for using or storing it.
4. All businesses need to demonstrate a process as to how they request, store and manage new / incoming data. Ultimately, businesses are now more accountable for the data they receive, hold or process than ever before, and their customers can demand more from them.
The Customer Perspective
GDPR gives us all a greater say as to how information is used by organisations; it will also be far easier for an individual to get hold of a record of the information held. Whilst you may be perfectly satisfied that your bank looks after your data, are you happy that every organisation that knows something about you will also look after your data the same way?
If you’re not sure, you’re not alone. In a recent Europe-wide survey, 34% of respondents said they were “going to exercise their right to be forgotten.” With this level of engagement, there’s a significant upside for businesses who get it right. In fact, almost a third of people polled said they’d trust a business more if they’re fully compliant with the regulation.
In short, the GDPR should change what you see in your email inbox, but it won’t eradicate the growing problem of data being misused outside of the EU – that’s for another day! What is for sure is that legitimate businesses will be taking far more interest in how data is processed and whether their customers are happy with their performance!
With a background in Marketing and Corporate Risk Management across several industry sectors, some five years ago I set up my own operation to help Small Businesses reach new customers using Social Media and new technology.
With the increase in focus upon Data Protection and Risk Management, we’re helping to integrate these new Regulations into small businesses in Portugal and the UK.
Whether you’re looking for some high-level advice, a data audit (as recommended by the Information Commissioner’s Office) or a full awareness exercise, why not drop us a line by visiting us online at www.eqbp.uk/gdpr.