Post the mad scrabble (for some -perhaps most!) of ensuring GDPR compliance by May 25th it is worth revisiting the implications of living with GDPR as businesses and individuals. It cannot be overstated that we are lucky to have such respect and protection for our personal data and whilst this is often welcomed on an individual basis, as businesses it can feel like a huge administrative burden alongside the demands of daily working lives.
There is no getting away from the fact that GDPR is a ‘big deal’ when it comes to handling and processing data and its not going anywhere even with the debates regarding Brexit plans. The risks of not complying with it are daunting given the level of fines that can be levied by the ICO. However data protection is not a ‘new trend’. Businesses should already be compliant with the Data Protection Act 1998 which has been in effect for nearly 20 years now. GDPR requirements should be attainable with a few necessary adjustments. The Information Commissioners Office pointed out, any new regulation will have some sort of impact on an organisation’s resources, in which respect the GDPR is no different and the ICO has also had to redraft guidance and increase staffing levels in response to GDPR.
If you can avoid thinking of GDPR purely as an administrative burden and more a welcome opportunity to declutter and organise then this will help with resetting a data protection regime that is 20 years old -imagine using the same IT for 20 years? GDPR is intended to be an evolution and not a revolution in data protection. It simply requires more of organisations in terms of accountability for use of personal data and enhancing the existing rights of individuals. The core elements of GDPR are the same as the DPA – fairness, transparency, accuracy, security, minimisation and respect for the rights of the individual whose data you want to process – all things we should already be doing with personal data and GDPR seeks only to build on those principles.
GDPR compliance can be an opportunity to help your business manage data efficiently, reduce the risk you face from data breach and improve your customers experience. GDPR affects us all, and failing to comply is likely to damage your reputation, your relationships and, ultimately, your financial performance. Embrace the evolution!