GDPR – We’ve Only Scratched The Surface!
29th May 2018
The General Data Protection Regulation (GDPR) became law on 25th May 2018.
Many people feel that the 25th May is the end. The Information Commissioner, Elizabeth Denham confirmed in her speech at the ICO conference on 9th April “In Fact, it’s important that we all understand there is no deadline. 25th May is not the end. It’s just the beginning.”
According to KPMG and The Legal 500, 54 per cent of companies feel that their businesses aren’t ready for the new legislation, and an overwhelming majority of businesses haven’t yet scrutinised third parties for possible compliance issues either.
And of course, third party processors aren’t just in the EU. The Indian information technology and IT-enabled services industry would be the most affected by the new law since it derives almost 30% of its revenues from Europe.
Two thirds of businesses, 67 per cent of them, said they wouldn’t meet the deadline of May 25, and less than half (40 per cent) know where their data is stored.
Many consumers are not confident that business uses their data for legitimate purposes.
With the increase in news stories about the abuse of personal data, over a third of people are now expected to exercise their right to be forgotten from 25th May under GDPR.
GDPR compliance helped by an engaged board is a great opportunity to win consumer trust.
It’s all about data
- Data we collect
- Data we store
- What we do with the data
Good news for business
- Better Management Information
- More effective customer databases
- Reputation for honesty, transparency and fairness
- A safe pair of hands
Good News for individuals
- Recourse to organizations that use data
- The right to be forgotten
- More likely to trust and freely part with their data
Employees must play their part as they all put the organisation’s hat on when they walk into the office. Putting themselves in the customers shoes.
Organisations, business owners and employees will require ongoing training as the legislation matures. (It will be challenged in court).
All of us need an ongoing GDPR Action Plan and not a one-off fix.
GDPR has to be built into the DNA of our businesses. Used as a shield and not a sword to better business practice.
Health & Safety has become part of our culture now that we have accepted that it’s there primarily to oversee our personal safety. In the same way, GDPR will be creating a Data Protection culture for the safety and security of our personal data.
It’s vital that your teams are getting the right ongoing training and they understand why GDPR is there. Not only to protect the individual but the business too!
If you are struggling with GDPR, now’s the time to get some help.
Linda Bazant is a barrister and GDPR Consultant and provides common sense, straight and to the point practical advice to enable you and your staff to comply with the General Data Protection Regulation. Linda can be contacted by email firstname.lastname@example.org or call 07957 422069.