5 key factors for becoming GDPR compliant
I recently joined Digital Leaders South West as a speaker for their first GDPR Salon in partnership with the Corsham Institute.
I shared my understanding of the new data protection legislation and how I fervently believe it to be a great opportunity for the organisations that embrace it.
The Data Protection Act has been in place for the past twenty years – during this time the world has moved on dramatically, with some of the most extreme changes coming from technology and how we use it. Which is why it’s time for ‘out with the old, in with the new’.
In 1998 Google was officially founded (a year after they registered the domain), we still had mobile phones with a screen no bigger than a Post-it note, Apple released the iMac and a Furby was the ‘must have’ toy for Christmas.
The true digital age didn’t take off until the early 2000s, when MySpace and LinkedIn gained prominence, followed by YouTube in 2005 and, a year later, Facebook and Twitter, which became the global phenomena they are today.
So, the quantities of personal data have exponentially increased and so has the realisation from organisations that they can tap into this data for the betterment of products, services, sales and, I hope, society. And this leads us to the reason why the General Data Protection Regulation will take effect from May this year.
In fact, there is research that shows that individuals are happy to share data – in return for a value exchange. This is something we greatly believe in at MyLife Digital and one of the drivers that led us to create Consentric. So that both the organisation and individual benefit from the use of personal data.
Organisations need to be transparent about just how the personal data entrusted to them is processed – the new regulations help pull this into sharp focus. No more opt-in or opt-out confusion. Positive affirmation is the new kid on the block (the group having disbanded in 1994!).
There are six lawful bases for processing, but no single basis is deemed as better, or more important, than another – the basis an organisation selects as the most appropriate to use will depend upon their relationship with the customer and the purpose for processing the data. These sit alongside the eight rights to empower EU citizens:
The lawful basis for processing can also affect which rights are available to customers. For example:
By adhering to these simple principles, you’re moving in the right direction – and contrary to the myths circulating and scare tactics of some regarding the ICO fines, the ICO will work with you to help as long as they can see you are working towards compliance and have the best intentions at heart. And at heart is where the citizen should be when it comes to your data strategy.
Those twenty years flew by, so goodbye Data Protection Act 1998, hello GDPR! Undoubtedly, data protection will continue to evolve, to stay fit for purpose, as we welcome further advances in technology. I look forward to seeing what the future holds with a chance to look back and see what the past taught us.