Data protection laws protect individuals from the misuse of information about them. Updated laws give individuals more control over their personal data as the digital age develops and evolves. Information is easily transferred nationally and internationally, making data protection a complex global issue. Any worldwide organisation can hold data on UK and other European citizens. The introduction of GDPR clarifies individuals’ rights and what companies that process personal data must do to safeguard these rights. All companies and organisations that deal with data relating to individuals must comply with GDPR. Most companies process personal data on a regular basis. Non-compliance with the rules and regulations can result in heavy fines of up to €20m (or 4% of global revenue, if higher), and in badly damaged reputations which are difficult to rectify.
The History of GDPR
The development of Data Protection in the UK can be traced back to the 1970s and the first Act was passed in 1984. The current Act follows the provisions of the EU directive and ensures the rights of individuals to have their personal details kept private, up-to-date and lawfully used.
The Data Protection Directive (1995) helped define rules on information management. However, the directive was not fit for purpose in the digital age, and something else was needed to deal with the modern digital needs of businesses and processes.
Digital technology has transformed almost every aspect of our lives since the Data Protection Act 1998 was passed.
Leading on from this the Data Protection Act 2018:
GDPR requires clear consent, which means that data held on individuals must only be used for the purpose intended. The definition of that data in this respect covers not only names, addresses, emails, and telephone numbers, but also social media updates, pictures and IP addresses.
The Need for Data Protection
The majority of organisations will now be recording and holding customer and employee data. In the era of the Web that we now live in, data based on our search histories, transactions, preferences, and interests is used by companies to derive marketing strategies. Organisations also use data to protect themselves by looking to identify behaviour that may be seen as indicative of fraud or other criminal misdemeanours.
GDPR has also been viewed as a catalyst for change, as it drives the need for companies to introduce new data management structures and revise workflows to drive out efficiencies. Although GDPR may be seen more as a defensive measure, it has the capability to stimulate and create business opportunities. Forward-looking companies will use GDPR as a catalyst for improvement and transformation across websites and apps, reinventing the company brand and how it does business.
Taking the right steps
Act now and put the right process and tools in place to allow GDPR to become more manageable. This will provide your company with a leading edge and enhance your status for employing “best practice”, providing a platform for better data insights.
Undertake a Data Protection Impact Assessment (DPIA) by conducting an audit of all your data in conjunction with a gap analysis, and a review of processes and workflows. This will be a good start towards taking the right steps.