The European Union General Data Protection Regulation (or EU GDPR for short) is the update to the current UK Data Protection Act. It will impact all businesses and how we deal with data online.
Current Data Protection legislation was launched in 1998 and has improved the way businesses control our personal or sensitive data.
If you are like me, you increasingly find yourself questioning, on a daily basis, why more and more people are able to gain my details and send me junk mail and spam, or monitor my activity on websites.
How is this possible if I have ticked the TPA exclusion boxes or put exclusions on my BT line?
The fact is that data protection requirements were written for a different time, so what was a compliant use and retention of data is now not fit for purpose.
Perhaps the legislation was not unreasonable in 1998…
Where were you 20 years ago? You may have had a computer with a floppy disk and a processor far less powerful than a mobile device today.
I still have my BBC Commodore so can quickly prove this to be true!
- There was also no Facebook, no Google, no Twitter, no Instagram, to name a few.
- An iPad didn’t exist, a tablet was still something prescribed by your doctor.
- Robotics amounted to watching K-9 on Dr Who!
In fact, everything was different … including control and access to data.
Bring the clock forward to a far more technologically advanced world…
EU GDPR In The Modern World
We now rely almost wholeheartedly on data for almost everything we do, whether on PCs, laptops or our mobile devices.
How dependent? Well, you only need to take a mobile phone away from your 15-year-old son or daughter and it feels to them as though the world has ended!
We rely on technology now to make our lives easier, with saved passwords on our devices or easy-click links to save us time searching. There is even ‘one click’ checkout on an online store, so we never have to leave the front door.
And on the immediate horizon we have new technologies arriving in the vast array of IoT (Internet of Things) devices, like Alexa or Amazon Echo doing what we ask under voice command. In each and every case, this new world is dependent on technology, which itself is heavily dependent on data… our data, whether financial, sensitive or behavioural.
EU GDPR And Why Data Needs To Be Secure
This is the very same data that cyber criminals are desperate to get hold of for their own ill-gotten financial gains.
Ransomware and cyber-crime are escalating way too fast: faster than technology itself and faster than cyber protection regimes.
This growth in cyber-crime is itself evidence that the data legislation and requirements to control data are currently too weak.
So, as data is now the new gold, organisations need to rethink how it is sourced, how it can be legitimately used and… protected.
As individuals, we need to think about who we allow to have our data in the first place (are we really going to continue to give our personal details to allow us to use an open or public Wi-Fi network?) and exercise our rights to know what users will do or are planning to do with it, and how that data will be managed and secured.
What Is the EU GDPR About?
This, in a nutshell, is what the GDPR is all about: new legislation and new requirements to keep our data safe.
The answer to the question “should I be doing something about GDPR” is undeniably YES, you should; we all should.
What do we need to do, given that the GDPR doesn’t come into effect until 25th May 2018?
Our responsibility now is to start readying ourselves for the new world and legal requirements.
But there remains a lack of true clarity as to exactly what the GDPR requires of each sector and business, as this is still being finalised by the Information Commissioner’s Office (ICO).
EU GDPR And Brexit
What we do know from the ICO is that Brexit will not impact the UK implementation and therefore UK businesses need to be GDPR compliant.
Doing nothing is NOT an option.
Should you need any further convincing, GDPR will see some hefty fines for non-compliance.
We all need to recognise that data protection is not just about the legislation and being compliant; it is about our duty as business owners to keep the personal and sensitive information we have been entrusted with secure.
Elizabeth Denham, Information Commissioner, has commented: “We’re all going to have to change how we think about data protection.”
“It’s about moving away from seeing the law as a box ticking exercise, and instead to work on a framework that can be used to build a culture of privacy that pervades an entire organisation.”
With fewer than 1 in 4 of us trusting organisations with our data, there is clearly opportunity for improvement.
This topic is too complex to cover in a single blog. For more information, check out this blog on the key questions you should be asking about GDPR and the consequence of non-compliance.
Or visit some of the excellent content available from the ICO here.
Of course, if you are too keen or anxious to wait, or simply find the thought of having to create a new security policy and processes for data protection a minefield, then get in touch for some jargon-free advice on how to ensure your organisation can be EU GDPR ready.