GDPR (General Data Protection Regulation)
The GDPR will introduce several key changes, which UK organisations will need to comply with by May 2018. Headlining among these new elements are:
Mandatory appointment of data protection officers for large firms
Mandatory breach notification within 72 hours of an incident
Fines of €20m or 4% annual global turnover – whichever is higher (I wish!)
Right to be forgotten
Right to data portability
Data protection by Design and by Default
As an individual, you’ll probably be most interested that the companies that hold your data are doing so responsibly, and for all the right reasons. To be fair, most are! Take John Lewis as an example … It’s just not in their best interest to mess with our personal data or to ignore their responsibilities; it would be catastrophic to their business. Sadly, many small businesses are not yet up to speed on what is going to be needed. I regularly receive marketing emails from small companies who give me no “opt-out”, and I continue to get them month in, month out with no way of stopping them. Those of you who get my monthly epistle by email will notice that there is always an opt-out (unsubscribe) option at the bottom.
GDPR applies both to the data controller (the organisation) and to the processors (service providers) that the organisation uses. To be compliant by May 2018, both should be concerned about the following …
Conduct a data audit to find out what data they hold and how they are using it
Classify data according to sensitivity and their organisation’s risk appetite
Deploy Data Loss Prevention (DLP) technologies to prevent accidental and deliberate data leaks
Run staff awareness and user education training programmes that focus on data protection
Test regularly to check the resilience of systems to attack
Develop an incident response plan to ensure you can report within 72 hours
So what do you, humble reader, need to be worried about in your simple life? Not much really as most of the regulations do not apply to domestic use like your email address book or the phone numbers stored on your mobile. However, there are things that you can do that will help …
Don’t send group emails that leave visible the names and addresses of every recipient
Keep your phone locked with a pin or fingerprint so that if you lose it nobody can access the data
Be bold with the marketeers and tell them to stop sending your unwanted emails
Don’t give away personal information easily; always ask yourself why someone wants it first
If you’re worried, ask what information a company holds about you.
As always, if you need any help, you know where to come!
Added: 12th October 2017