The Press and Journal (Inverness, Highlands, and Islands)
View GDPR as springboard for next big technology leap
When General Data Protection Regulation (GDPR) comes to mind, think evolution of the law – not revolution.
Headlines to date seem to have focused on the size of the fines that the Information Commissioner’s Office (ICO) could possibly enforce after May 25.
However, the biggest threat to organisations is actually reputational damage and business disruption if they are unprepared for the changes in data protection law.
GDPR applies to “controllers” and “processors”.
A controller determines the purposes and means of processing personal data, while a processor is responsible for processing personal data on behalf of a controller.
If you are a processor, GDPR places specific legal obligations on you – for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach.
However, if you are a controller, you are not relieved of your obligations where a processor is involved – GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.
Privacy by design is an approach that promotes privacy and data-protection compliance from the start, a step that the ICO encourages.
Organisations need to ensure that privacy and data protection is a key consideration in the early stages of any project, and then throughout its lifecycle.
Don’t treat May
25 as a hard and fast deadline – however do make sure that you plan now, begin understanding the data you process (and value) and accept that this is a journey and not just a compliance checklist.
View GDPR as the springboard for the next big technology leap. Getting privacy right now can build trust points that might be needed later on.
My advice to any businesses not yet started is to take the pragmatic approach and get to know what data you currently process and check compliance with the existing Data Protection Act and Privacy and Electronic Communications Regulations.
From there, create your gap analysis and plan how to implement any changes going forward.
•Aberdeenshire-based 4_ttude is helping businesses prepare for the new General Data Protection Regulation