Most of us started to hear about GDPR about six months ago, when we were told, normally in a very scary manner, that new European legislation carrying enormous big hairy fines was being introduced to restrict our use of personal data.
At that stage we had just voted to leave Europe, so many thought we could give it a stiff ignoring. Little did we know that it had already been enshrined in UK law from April 2016, and that the May 2018 date is merely the date from which it would be enforced by the Information Commissioner.
Well, for most of us, previous experience of the Information Commissioner involved stories of fines for large-scale breaches, normally as a result of a cyber-attack. We hadn't suffered one of those, and some businesses were not registered with the ICO, so we were unlikely to be involved in the new regulation. Besides, we don't hold much personal data anyway, and many cry, "Our work is all B2B, we don’t process any personal data."
Elizabeth Denham, the Information Commissioner, is determined that we look at personal data differently in every aspect of our work and organisation. After all, data has now become big data and our personal information is far more accessible than it has ever been; cyber-criminal activity is proliferating at a phenomenal rate, with organised crime having latched on to the considerable rewards available at low risk.
The last data protection legislation was the Data Protection Act of 1998, a fairly toothless piece that was designed in a very different time as a result of a European Directive. In 1998 President Clinton was impeached, Bill Gates was denying that touch screens had any future and a computer filled half a desk.
So it is about time we stopped others from exploiting our public profile exposed through our personal data. It’s about time that our own information was better protected and used only as we want it to be. It’s about time that we can stop unwanted calls or mail that waste our time and only add to our trash. Now, if we want this, it’s only fair that we do the same for those whose data we hold in our own organisations.
Better data leads to more efficient working, better processes that avoid nugatory work, and an efficient and effective organisation. GDPR is evolution, not revolution, and it is not designed to stop us working, just to make us work and think differently about personal data. This cultural shift in the way we think about and use data is an important aspect as we work towards compliance. The tone has to be set from the top, in a positive way, in the same way as any organisational transformation programme.
Many organisations we are working with are seeing the real benefits of carrying out their gap analysis to determine their current position and then creating their data flow maps, which enable all the risk areas to be identified. Most importantly, it identifies the processes we are carrying out just because we have always done it that way.
If you need practical, sound help and advice as to where to start your GDPR journey then get in touch and we will ask one of our EU GDPR Practitioners to give you a call.
Contact Sampson Hall on 0844 848 9594 or email firstname.lastname@example.org