The Courier & Advertiser (Perth and Perthshire Edition)
Confusion over changes to data rules
With just two days to go until the new General Data Protection Regulation (GDPR) comes into force, Fraser Kirk, head of publicity at Perth headquartered marketing and PR agency Volpa, considers what the future looks like for businesses operating under the new regime. He also cautions that there is no ‘finishing line’ when it comes to business compliance in data handling.
Even with such a short period of time before the most significant change in data protection since the introduction of the Data Protection Act (1998) comes into force, many companies are only just beginning to realise they will be affected by the changes and need to act quickly.
Having hosted numerous GDPR training sessions in Tayside over the last six months, we have heard, first hand, just how confused the general business community are.
They are struggling to come to terms with the implications of the new regulations on their individual businesses and sectors.
Call times to the Information Commissioner’s Office (ICO) helpline – the regulatory body – are reportedly reaching into hours, so it would be safe to say confidence in compliance is low.
A common ask from businesses is for confirmation they are GDPR ready, though this indicates a ‘finishing line’ and one doesn’t really exist when it comes to data protection.
Most businesses we speak to are frantically implementing a re-consenting programme to safeguard existing databases.
However the problem exists in what we are asking consumers to consent to.
As technology continues to progress at an ever-increasing rate, we do not know the opportunities available in even the most immediate future.
While the ICO and their fines of up to €20 million, or 4% of annual global turnover – whichever is higher – is scary enough, most businesses fear the burden of ongoing data management and their responsibilities to respond to public requests.
Some businesses have opted to delete data and look for more straightforward communication channels.
For the public I predict that, apart from receiving a multitude of re-consenting emails, little effect of the regulations will ever be felt or understood.
I also believe it is the man on the street that businesses should fear, rather than the ICO.
The core purpose of GDPR is to put control over personal data back into the hands of the individual.
With such a lack of understanding, businesses are going to spend a lot of time responding to information requests that will prove burdensome for even the biggest of companies.