Posted by Charlotte Ebbutt, Associate
If you find GDPR irritating, you’ve probably missed the point – here is why…
There was a good deal of irritation within the business community at the resources required to adequately safeguard their data when the GDPR first came into force. There are however some significant advantages to this new focus on data security:
We are now entering an age where the power of an individual’s data is apparently shifting. This means there is;
• New protection in the digital age
• New powers for individuals
• New responsibilities for businesses
But a focus on these advantages can help set the need and the benefits for GDPR-compliance in context.
Take back control of your identity
As a result of the recent coverage of data passed on to third parties from the social media site Facebook there is a greater awareness of data harvesting. There are a handful of very large organisations whose business is to collect data from the trails that we leave, and to analyse that data for their clients. The analysis can be called upon to determine anything from whether you are offered a job to whether you are authorised for a loan facility. The data shows up risk factors in your lifestyle, reliability and the potential impact of linking you with an organisation’s reputation. These decisions are happening all the time without us being aware of them. We could all benefit from the greater control of our reputations and opportunities afforded by the stronger data regulation regime.
Greater defence on a new battlefront
The increase in cybercrime perpetrated as the new form of warfare, with some countries having significant numbers of highly able specialists whose sole role is to undermine the culture of another country. This means that we all need to be more aware of data security. Not only the way in which we treat data that is in our own hands but also how we see our own data being treated. Our level of data education needs to adapt to the changing environment and we need to question more how our sensitive information is being safeguarded and who we are handing it to. We can all play our part in at least enabling early detection of the penetration of systems such as the NHS.
A force for global good?
There are many millions of individuals worldwide who are using social media but whose countries do not have robust regulatory regimes working to safeguard their personal data. Mark Zukerberg’s stated aim is to apply the GDPR standards of safeguarding to the data of Facebook’s users worldwide. If implemented, this will result in significant protection of the rights and freedoms of individuals who are currently without access to recourse as a result of financial constraints or simply because it is not available. Whilst a good number of those individuals are based in the UK, these changes motivated by the financial impact of regulation in the UK and the US will be felt globally.
Power and control – for people and for businesses
There is also a requirement for all businesses to ensure their processes are compliant and to keep records of all data processing activities for inspection on-demand by the Information Commissioner’s Office. This fundamental requirement of GDPR is to ensure that businesses are absolutely clear as to why they are collecting an individual’s data, have secured the right to do so, and then have the means of securely managing it, accessing and deleting it.
A positive view is that where all this aligns, there will be improved data-handling efficiencies across all areas. Enhanced efficiency and confidence in data protection in the digital age builds better relationships with customers. It also mitigates against reputational and financial risks.
So GDPR isn’t so bad after all, is it…?