“You need to have sleepless nights about this” was one of the wake-up calls delivered by John Godwin, Director of Compliance and IA at UKCloud, during his recent Corsham Institute (Ci) ‘Insight’ Talk about the General Data Protection Regulation (GDPR).
In May 2018 this new and far-reaching framework will be implemented to give citizens more control of their personal data and to unify data regulations for any business either based in, or doing business in, the EU.
The European Commission has produced this somewhat ‘revealing’ video to warn of the dangers of not taking control of your personal data.
The Regulation, at over 200 pages, is complex and, notwithstanding Brexit, will affect every business, organisation, charity and person within the UK. Even after the UK has left the EU, GDPR will transform the handling, storing and use of personal data, especially for any non-EU organisation providing goods or services to the EU.
The UK’s Information Commissioner’s Office has a website for the posting of information about the reform of data protection legislation and they have also produced a 12-step checklist to help organisations prepare for GDPR, including information on reviewing what data you hold, privacy notices, consent, safeguarding children, your suppliers’ procedures and the need for Data Protection Officers. The link to download the checklist is at the end of this post.
GDPR will transform the use of personal data and, as John Godwin outlined in his talk at Ci, the costs of getting it wrong will escalate sharply, from a maximum current penalty of £500,000 up to the larger amount of either 4% of an organisation’s world-wide turnover or a fine of up to €20 million, with a mandatory 72-hour time period for the reporting of any data breaches.
At Ci we recently launched our Thought Leadership Consultation Report on Trust and Ethics, which called for the creation of a more enlightened and ethical digital society, identifying the need for a public-led framework to help citizens understand the rights and responsibilities of different parties when using their personal data.
With the planning for the implementation of GDPR and the mandatory changes in the use of data it will bring for Government departments, large corporations, SMEs, the self-employed, schools, charities, clubs and societies, perhaps it is also the opportunity to kick-start a debate over a digital charter and social contracts to which everyone can sign up, to ensure a common ethical purpose across all society for the use of data, to both protect and enable the digital citizen.
To find out more about our Thought Leadership Consultation Report and our Thought Leadership Programme, please visit the Programme’s page on our website.
John Godwin’s Twitter feed regularly features commentary and updates on GDPR matters. The account to follow is: @johngodwin1
To download the ICO 12-step checklist to prepare for GDPR, please click here.