For most organisations, protecting data is a challenge that’s getting tougher – developments in technology mean that organisations today are using data in ways that were unimaginable when the current law, the Data Protection Act (DPA), came into force way back in 1998.
We’re talking about an era of no Google, Facebook or Twitter and desktop computers with less processing power than we all now have in our pockets and purses. An era where, if you wanted to find somewhere you hadn’t been to before, you had to ask someone for directions or look at a map. Compare that to today, when your car’s Sat Nav can take you anywhere in Europe.
When the DPA was conceived, social media and satellite navigation were science fiction. In the coming years, connected cars, fridges, ovens, and more will be designed to make our lives easier but if the past is any guide, they’ll also throw up issues which the law hasn’t foreseen.
Artificial Intelligence, machine learning and sensor technologies will do the same – growing the ‘internet of things’. That’s a challenge to businesses who want to – who have to – comply with the law.
We’re all going to have to change how we think about data protection
Not least because there’ll be a new law to follow. In May 2018 the General Data Protection Regulation (GDPR) will come into effect both in the UK and across the EU. The GDPR builds on the DPA but provides more protections for consumers, and more privacy considerations for organisations. It brings a more 21st century approach to the processing of personal data. And it puts an onus on businesses to change their entire ethos towards data protection. The message about GDPR is continuity and change.
There’s a lot in the GDPR you’ll recognise from the current law, but make no mistake, this one’s a game changer for everyone.
It’s important to get data protection right
All organisations have to get data protection right for consumers (customers and employees) – and for themselves. The GDPR creates an onus on organisations to understand the risks that they create for others, and to mitigate those risks. It’s about moving away from seeing the law as a box-ticking exercise, and instead working on a framework that can be used to build a culture of privacy that pervades an entire organisation.
The GDPR mandates organisations to put into place comprehensive but proportionate governance measures. Good practice tools that the ICO has championed for a long time – such as privacy impact assessments and privacy by design – are now legally required in certain circumstances. It means a change to the culture of an organisation. That isn’t an easy thing to do, and it’s certainly true that accountability cannot be bolted on: it needs to be a part of an organisation’s overall systems approach to how it manages and processes personal data.
But this shift in approach is what is needed. It is what consumers expect. The benefit for your organisation of ‘getting it right’ is not just compliance but also providing an opportunity to develop the trust of its consumers in a sustained way.
What you should do now
To ensure you fully comply with the DPA and prepare for the GDPR, we will create a culture of data protection in your organisation by providing expert advice that is pragmatic, training that inspires people to think and care, a consultancy service that acts as an in-house DPO and audits that identify areas for improvement and so reduce risk.
Call DataHelp now on 033 0088 2256