Is GDPR a case of mistaken identity or missed opportunity?
Some questions for you? Call it a little test…
Is GDP the same as GDPR? Is the EU the same as the EC or EP?
In a world where acronyms and alphanumeric combinations are a huge part of how we communicate, these seem to be important distinctions and areas where it might be possible to create confusion.
Well, let us try to explain. GDP or Gross Domestic Product is perhaps the most talked about economic concept. It measures the size of a country’s economy and its health over a period of time (usually one quarter or one year). It is also used to compare the size of different economies at a different point in time.
OK, clear so far?
Right then – what is GDPR? Why is it so important to us all? And is it the EU’s passing shot at the UK before we enter Brexit’s final straight? That’s an awful lot to chew over.
So lets add a bit more for good measure. There are also a lot of misconceptions surrounding GDPR (General Data Protection Regulation) and it’s important that we clear those up here.
With events like ‘alleged’ Russian interference in the US Election and also, potentially, the Brexit Referendum, data and data protection are hot, hot topics seldom far from the news we consume.
Here is our view – and we’re sure that many will think differently, but lets go anyway!
Misconception one is that GDPR is related in some way to GDP – step away from that assumption!
Misconception two is that General Data Protection Regulation is all about providing a technology solution. Please don’t think that, because it’s a huge mistake and will play into the hands of the technology providers who believe it’s their next big growth trigger.
What is important to understand is that GDPR it is going to affect all businesses in Europe regardless of their size, turnover or headcount. The new law means your business has to be demonstrably compliant, which doesn’t sound too bad except that it means you can potentially get caught on a lie – a bit like having a train ticket (which is good) but you’re travelling with it on the wrong day (which is bad!)
The EU website states “The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data privacy”.
Here’s where it begins to get interesting because so few of us know what that really involves! The ICO (Information Commissioner’s Office – if you didn’t know already) states that you should provide all staff with awareness training on their data protection responsibilities as well as specialist training for key staff to be compliant.
There’s that word again – compliant! But with what and too whom?
Time to go back to the ICO – you remember those guys and gals from the previous paragraph. They have a 12-point plan for measuring compliance (of course they do!) and it covers the following: –
2. Information you hold
3. Communicating privacy information
4. Individuals’ rights
5. Subject access requests
6. Lawful basis for processing personal data6
7. Data breaches
10. Data Protection by Design and Data
Protection Impact Assessments
11. Data Protection Officers
Get all of those covered off and you’re compliant up to the hilt. But here’s the thing!
In Idealogy’s world it means that we have to be ultra careful about the data we manage on behalf of our clients. Have their prospects given their permission to receive digital content? Have they opted in (or out) of specific data transfers? Are we, as a service provider, being careful to monitor these data interactions and being careful that we don’t exceed the amount of contact our client’s prospects have agreed to? And have we appointed someone to oversee that compliance, for data used in the UK and overseas, and to report any kind of data breach or infraction? Is that person going to be called a CDO?
I don’t know about you but it feels as if the EU is determined to make the management of data a ‘front of mind’ topic as all of the allegations, and often misuse of, campaign data come to light. And whilst its an interesting subject and we can all see what happens when you don’t pay attention at milestone events like elections, it seems as if they have decided that the bill for new regulation should be paid by us, the businesses.
For some SME’s, that might be a hefty price to pay, because we’ll be forced to employ people we have never thought of, at the expense of people we think about all the time.
So maybe, in the end, GDPR isn’t so different to GDP.