GDPR: what is it, what are your obligations and what does it mean for your business?
Hi and welcome to my first blog. If you've clicked this far, I'm guessing you're looking to find out more about GDPR and Data Protection in general.
Before we start, here's the honest part. Data Protection isn't viewed as sexy or exciting. What I can promise, however, is to keep it as engaging as humanly possible.
I talk openly and candidly, while trying to demystify a lot of the nonsense you've been fed over the last few years. There is a risk in oversimplifying the Regulation, but my pragmatic approach has added huge value to central government clients and a number of large Financial Services and Retail firms. To that end, you're in safe hands!
I'm going to start right from the beginning. Why? Because the latest statistics indicate that over half of UK businesses remain non-compliant and have yet to begin their GDPR journey.
So, without further ado, what is the General Data Protection Regulation?
Well, in simple terms, the EU's lawmakers decided that the existing data protection framework needed updating. The previous EU rules dated from the 1995 Data Protection Directive, which in the UK was implemented by the Data Protection Act 1998, so by the time the GDPR was agreed the law was roughly 20 years old.
The last 20 years or so have seen the greatest leaps in technology in living memory. Just take a moment to think back to what we had in the late 90s compared to now.
Mobile phones only made calls, social media was unheard of and the internet was in its infancy. Imagine telling someone 20 years ago that you could speak to anyone in the world from the palm of your hand, or pay for your shopping by tapping your phone on the card reader. The looks you would have got! And don't get me started on retina scanning, voice recognition and fingerprint identification.
I guess what I'm saying here is that someone, somewhere, decided we needed a privacy law more befitting of the technology we now use in the 21st century. In summary, we've moved on, massively. The rest, as they say, is history.
So in 2018 the GDPR became directly applicable across the EU (from 25 May 2018), and in the UK the Data Protection Act 2018 came into force alongside it, supplementing the GDPR and replacing the outgoing Data Protection Act 1998.
Given how the GDPR came about, you might be forgiven for thinking that the Regulation affects only European countries. In fact, any organisation, regardless of where in the world it is based, must comply with the Regulation if it processes the personal data of individuals in the EU, for example by offering them goods or services or by monitoring their behaviour. Note that the test is where the individuals are, not their citizenship.
So, what were the big changes under the GDPR?
Well, the most obvious difference is the size of the fines the Regulator can hand out. Previously, the biggest penalty the ICO could impose was £500,000. Under the GDPR the ceiling is €20 million or 4% of worldwide annual turnover, whichever is higher. You do not have to be a finance guru to see that the old limit was little deterrent for most organisations, particularly when a privacy programme could set an organisation back millions of pounds. In their eyes, non-compliance was perhaps a risk worth taking.