In a recent speech, given at the Association of Chief Executives and Public Chairs' Forum joint event, Elizabeth Denham (ICO Information Commissioner) addressed the positive impact GDPR is set to make when it is implemented in May.
The GDPR, she stated, is “the beginning of something new, but it is an evolution of what’s gone before. It builds on what was good about the Data Protection Act and brings it in line with our 21st century world.”
The GDPR provides a stronger framework for businesses and individuals
The incoming regulation applies to the personal data of individuals living in the European Union and is designed to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
As the single biggest update to data protection law in twenty years, it gives greater control to the individual on how their data is used and also requires businesses to be transparent and accountable for the actions in regards to data processing.
Elizabeth Denham highlighted that “GDPR rebalances the relationship between individuals and organisations.” However, she also admitted that whilst this is good news for everyone on a personal level, stressing that the GDPR provides a stronger framework for the individual, it might not be seen as a positive move by all businesses. Although, she believes it should be.
“Those organisations that thrive under the new rules will see the GDPR as an opportunity to commit to data protection and embed it in their policies, processes and people.
Those that merely comply, that treat the GDPR as another box-ticking exercise, miss the point. And they miss a trick.”
It’s time to see the GDPR as a Business Opportunity
At the moment only one in five people living in the UK trust organisations to look after their data. The GDPR offers business the opportunity to address this disconnect. Elizabeth Denham states that: “The UK is a leader in data protection […] and the government has made clear its intention that we retain our world-class status as well as making the UK the safest place to be online.”
By committing to data policies that embrace the GDPR, businesses will be prioritising the security of the data they hold. Looked at this way, this makes positive business sense. GDPR is a perfect opportunity for businesses to take control of their data.
The silver lining of this approach is that companies that take control of their data with also gain greater insights into the information they hold. On average, 80% of an organisation’s data is DROT; that is duplicate, redundant, obsolete or trivial. GDPR presents the ideal situation to begin assessing the way a business stores and uses their information.
The Public Sector should not be complacent about the GDPR
One thing that Elizabeth Denham particularly stresses during her recent speech was the danger of complacency when it comes to data protection in the Public Sector. It is vital to see that, “This is a critical time to refresh your policies and processes, to upgrade your staff training and revisit your approach to data protection.”
She contrasted the seeming complacency in the Public Sector with the panic she has observed in the Private Sector:
“When I speak to the private sector, I can sense the panic, but also the incentive to get it right. So many businesses feel like they are starting from scratch – it’s one of the reasons why we’ve set up helplines and targeted resources to help them prepare”
It is vital that Public Sector organisations avoid being complacent about the GDPR. It’s time to stop viewing the changes as a chore but instead bring the focus back to what the new regulations aim to achieve. She concluded, “Data protection is a critical part of ensuring you have the social license to innovate with data – you have to take the people with you.” We couldn’t have said it better ourselves.