D-DAY for GDPR
Today marks the GDPR deadline, but it’s only the beginning.
The GDPR says you must obtain freely given, specific, informed, and unambiguous consent from your contacts. You also must clearly explain how you plan to use their personal data.
As businesses have been preparing for the new regulation, the media has fear mongered companies to be frightful of fines. The 4% or €20million penalty has often been the main driving force for becoming GDPR compliance. Yet, this shouldn’t overshadow the main focus; to giving people back control of their data.
The ICO has stressed that they will not start fining organisations left, right and centre, and Elizabeth Denham has stated that it is the last resort and they are “committed to guiding, advising and educating organisations about how to comply with the law.” However, this does not mean they shouldn’t take the new regulation seriously. The ICO will fine organisations if they are careless with personal data as they have always done.
Just this week alone, the ICO fined Bayswater Medical Centre (BMC) in London for abandoning sensitive information in empty building, the University of Greenwich following a serious security breach involving the personal data of nearly 20,000 people, and last week The Crown Prosecution Service (CPS) was fined £325,000 after losing victim interview videos.
GDPR – What is it good for?
But it’s likely that ICO is making an example out of the first few breaches and will soften over time. Though, we, like many other organisations, are not willing to take the risk. We have been working around the clock to make sure that our company is GDPR compliant. Plus, it’s not just for our own sake that we’re doing it. GDPR gives everyone the right to their own information. That means even those whose businesses are affected by GDPR, also have those rights.
“The rules will always be bent, if not broken, by companies seeking to gain a competitive advantage,” says Ben Robson, a partner at legal firm Oury Clark. “But the newly introduced principle of demonstrable accountability and the unprecedented scale of penalties made available to the regulators should constitute a greater deterrent against breach and a shift from the current, relatively toothless and largely ignored, regime.” [source: The Guardian]
GDPR is a fundamental step for organisations to manage their data in a more holistic way. It will allow them to gain a greater and more well-rounded view of the information they store. Once organisations deploy the correct processes to organise this data and implement analytics tools. The privacy requirements of GDPR can help create useful and accurate insights. Something that will benefit organisations and consumers alike.
How will it help?
Organisations will be able to use customer insights and ultimately grow their business in a way that would not have been possible before. And, as a consumer GDPR can protect personal data in a time of severe mistrust (Facebook and Cambridge Analytica scandal) around data sharing and usToday will not be the end of the road for organisations, they will need to continually keep up to date with developments in data protection and review their processes. There’s no doubt that data protection will continue to shift and evolve as technology develops. Along with a shift in attitude toward protecting personal data.
We have created a GDPR checklist that organisations are able to download to check they have covered all basis as well as sharing articles that might be relevant to the software they use. If you have any questions regarding whether your website is GDPR compliant and what we can do to help, don’t hesitate to get in touch.