Personal data and GDPR: handing over the “car keys” with confidence


Written by Stuart Rance, Optimal Service Management at RESILIA

Handing over personal data to an organisation is like lending your expensive sports car to a neighbour and trusting them to keep it safe and sound.

You’d want to know your neighbour respects and values your car, that it won’t fall into the wrong hands or be used the wrong way. In fact, you’d probably demand some guarantees before handing over the keys!

In today’s world, where organizations ask us repeatedly to disclose and share personal details online, we should have the same level of concern for our personal data – and so should organizations.

The analogy of borrowing a car and managing data is a great way to illustrate the issues every organization faces in handling personal data when the new EU-wide GDPR regulations come into force on 25 May 2018.

This means that sharing personal data with organisations is no longer just a trade-off for consumers to get access to better services; it compels companies in law to take real responsibility for obtaining permission, respecting individual privacy and protecting data.

Failure to meet the new GDPR regulations, or suffering a data breach, can lead to hefty sanctions including financial penalties of up to 4% of an organization’s worldwide turnover. The stakes are high, so it is vital that data protection procedures are robust.

A new downloadable guide – GDPR: Beyond Compliance – shows how a strong cyber resilience strategy is integral to managing data protection.

The guide highlights how training within organisations will give management and staff an understanding of the procedures or activities needed to meet the GDPR challenge, including:

  • Identifying what personal data your organisation holds, why and where it is
  • Building in the concept of data privacy from the outset
  • Creating common approaches to data governance
  • Devising policies and ensuring compliance
  • Risk management
  • Being prepared for audits.

Under the new regulations, it is necessary for organizations to show there is a formal GDPR management system in place to protect the data.

RESILIA’s governance, risk and policy management guidance also provides a framework to meet GDPR compliance by identifying where staff training, especially from IT, legal or HR departments, is needed so that they all understand the importance of managing personal data.

GDPR also presents business opportunities. Knowing exactly what data you have, and where it is held, enables you to better understand your customers. The data can be used to develop and deliver more targeted goods and services and secure a vital competitive advantage.

So, no matter what personal data you hold, GDPR ensures that you protect it by having the right policies and procedures in place. It is just like when you hand over those car keys to your neighbours. They become the car’s custodian and you expect them to be responsible and keep it safe and secure.


This was originally published here.

 
