GDPR - Part I

By Paul Broadbent • 5 January 2018 • News

Theft is a thriving business and, in this day and age, particularly profitable. Since the dawn of time the evidence shows that, no matter how draconian the penalties are, the ingenuity and skills of the perpetrators have found ways to make crime worthwhile. Recent research shows that four out of five UK people do not trust organisations with their personal data. If you look at the news and see all those horror stories about identity theft, this statistic should not surprise you.

The superfast growth of digital technology has brought with it vast benefits but also great opportunities for the unscrupulous. Clearly, punishment alone has not been enough, so the European Union have decided that, on 25th May 2018, a new law, four years in the drafting, will come into force, designed to prevent theft and punish those who allow abuses to happen through negligence or omission. This is the General Data Protection Regulation (GDPR).

In the UK, the Information Commissioner’s Office (ICO) has been set up by Parliament to ensure that everyone – yes, everyone – with a database containing personal details complies with GDPR. The ICO is headed by Elizabeth Denham, who is not only well versed in data management but very lucid about the Act.
“I don’t need to tell you how the world has changed in just a generation. We have a digital infrastructure that was unimaginable when the Data Protection Act was forged twenty years ago,” she announced to the Institute of Directors on the 17th October 2017.

Her function is to oversee the legislation that demands fair, transparent, accurate and non-discriminatory use of personal data. She has the power to audit, advise, ensure compliance and issue fines.

In other words, the ICO is a kind of benevolent police force with powers to protect an individual’s data wherever it is stored: financial organisations, financial planners, mailing lists, doctors’ surgeries, schools, advertising agencies, website and graphic design companies, e-commerce websites … you name it; multinational corporations as well as small businesses. There are no exemptions.

Here is Elizabeth Denham again: “Our data protection reforms commit us to:

  • Explore innovative and technologically agile ways of protecting privacy

  • Strengthen transparency and accountability 

  • Promote good information governance

  • Protect the public in a digital world.”

The media have painted GDPR as another example of unnecessary EU meddling. This is unfair: the advance of digital technology does not recognise state borders and has been too swift and too complex for the existing national laws to cope with. The ICO’s purpose is to swing the pendulum back so that we have a balance of both protection and penalties to defend the public’s rights. This is surely well overdue.

So here is a timely reminder: every business must comply by the 25th May 2018 – not just start the process but complete it by that date. That is only four months away. There is a lot to do to get started but we can help you start the journey. Do not leave it to the last minute.
