Starting with the basics, what is GDPR?
General Data Protection Regulations, or GDPR, has resulted from a European Union directive which looks to standardise the handling of data across the whole of the European Union.
And why is it happening?
The original data protection legislation was introduced in 1984 and then updated in 1998. Over that time, with the advent and growth of the Internet and the rapid advancements in technology the current legislation has lagged behind and this is a chance to make it more fit for purpose.
We must also recognise we are operating in an increasingly global market where companies are often operating in different countries from their customers hence the need for a standard set of regulations that can operate across boundaries.
So, what does it mean for the way we handle data?
We will all have to consider whether the data we are accessing is necessary and how we use this data to achieve business goals. In doing this, we must be transparent with the data subjects so that they can make an informed choice on whether or not they wish to take advantage of the Neyber services.
And this is all to protect the consumer (or data subjects)?
Greater transparency and greater control on how and where their data is used. We all know how irritating it can be when we receive a call from a company offering to help with your ‘car accident’ and you wonder how they got your contact details!
What business areas are likely to be most affected by the new laws?
If you consider every area of your business that handles data whether this be from your staff, customers, clients or suppliers then it is very easy to see that GDPR impacts on every area of a business.
It is an opportunity to look again at systems, and put processes in place to ensure these continue to serve the business needs with perhaps some cost savings due to old systems becoming redundant.
What do you think businesses can do to prepare for GDPR?
I believe the starting point for all businesses is to understand what data they hold, how this data is used and where it is stored. Until you have those answers you cannot understand how current processes will match against GDPR requirements and consequently consider any changes required. This data gathering process is a time-consuming but essential activity for GDPR preparation.
As Head of Compliance, how will it affect what you do day-to-day?
GDPR touches on every aspect of the business and we need to work with all business areas to review current policies and procedures to ensure these will be aligned with the new regulations.
Although it may mean more work for businesses, is this a positive move in the right direction?
Absolutely. Whilst it may take some time to become fully familiar with the new legislation and inevitably there will be further changes in the legislation as teething troubles are ironed out, this will create a standard operating model for gathering and using data no matter where data users are located and customers are more in control of what businesses they choose to engage with.