The GDPR is an issue for the boardroom

If you’re a regular visitor on our blog/news page, you’ll have noticed that we’ve been badgering on for quite some time now about the GDPR and its vast consequences. “Huge fines” and “damaged reputation” are terms we seem to have used over and over to best describe the effects of the GDPR.

To help put our point across, we thought we’d share this excellent video by the ICO of Information Commissioner Elizabeth Denham talking about how the GDPR is an issue for the boardroom. Elizabeth fluently explains…

One year – 365 days that’s all you’ve got until the biggest change to data protection law for a generation. You’re already aware that the law is going to require your organisation to make changes and this is going to need board level support. Here’s why it matters…

The new law equals big fines for ‘getting it wrong’. If your organisation can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organisation open to enforcement action that can damage your public reputation and your bank balance. That makes data protection a boardroom issue!

Get data protection right and you can see a real business benefit. Accepting broad accountability for data protection encourages an upfront investment in privacy fundamentals, but it offers a pay-off down the line – not just in legal compliance, but a competitive edge. Whether that means attracting more customers or meeting pressing public policy needs, there’s an opportunity for companies to present themselves on the basis of how they respect the privacy of their customers. This can play a real role in consumer choice. Now is the time to act!

The GDPR provides more protection for consumers and more privacy consideration for organisations. It brings a 21st century approach to the processing of personal data. The real change for organisations is understanding the new rights for consumers. Citizens will now have stronger rights to be informed about how organisations (like yours) are using their personal data. They’ll have the right to request that their personal data is deleted or removed if there’s no reason for that company to carry on processing it.

There will be new rights around data portability and how they give consent. But at the centre of the GDPR is the concept of broader accountability of how organisations control and store data. The GDPR brings into the UK a trend that we’re seeing all over the world – a demand that organisations understand and mitigate the risks that they create for others, in exchange for using a person’s data.

How can I help you address that responsibility? The ICO has a wealth of material on their website. It’s your responsibility to ensure somebody within your organisation is responsible for the protection of personal data and is reading our (The ICO’s) detailed guidance. You’ll need to be having a conversation on whether the law requires you to appoint a designated data protection officer; if so, that officer will need to operate independently, be adequately resourced and report to the board.

Finally, it’s worth noting that Brexit will not stop this law change next year. Organisations must be ready by the 25th May. One year to go – no time to waste.
