GDPR will make data misuse very obvious

Simon Clayton stresses that data about other people belongs to them not to you
It’s occurred to me that GDPR (General Data Protection Regulation) isn’t wildly different from the Data Protection Act that it replaces – except in one major and hugely ground-breaking way.
The overarching goal of GDPR (enforceable in Europe from May 25 2018) is one of transparency and fairness. Its main mission is to encourage companies to be transparent in the way they are storing and using people’s personal data and that they are fair in the decisions they take regarding that data.

The transparency aspect is critical to GDPR and so companies need to be aware of this. If you aren’t being totally transparent with what you are doing, then it will be blindingly obvious to everyone involved that you are not doing so. There’s the rub – and that’s what makes GDPR so different to DPA.

The DPA was good legislation but it could be adopted (or not) behind closed doors; if a company didn’t comply with the DPA then it was very unlikely that they would ever be found out, unless of course they confessed to a huge data breach.

But, with GDPR, unless you are totally open about what you are doing, then it will be screamingly obvious that you are not complying and then people can report you.

Being transparent means that you must have a clear and readable privacy policy detailing exactly how you will use people’s data and how long you will hold it for. It also means that you inform people that you have their data and that you have clear internal policies that you personally would feel comfortable to stand behind if the ICO ever did perform an audit.

Being ‘fair’ should encourage companies to adopt a completely different mind-set towards the custodial approach they have about their data. You need to adopt the attitude that ‘your’ data does not belong to you any more – it belongs to the individual and that individual has simply loaned it to you for a specific reason and for a given length of time.

Respect needs to be woven into every decision taken towards how that data is used and for how long it is kept. That data is on loan and is only in your custody for a reason. Be respectful, treat it as you would want your own personal data treated and be open and transparent with your policies – because it will soon become very clear if you are not.

[Editor’s note: GDPR applies to data held on European citizens, no matter in which country the data is held]

The new kid on the block
Technology should simplify things


No comments made yet. Be the first to submit a comment

Popular Posts

Sydney Paulden
09 October 2013
My mobile rang and I reached into my pocket with difficulty to answer it. ‘Sydney’, said my acc...
177853 Hits
Sydney Paulden
24 October 2013
There is always an exception to the rule. The world continues to complain about sluggish economi...
115188 Hits
Sydney Paulden
25 November 2013
Should something be done about it? And if so, what? Requests for quotations for events are ...
93563 Hits
Sydney Paulden
09 December 2013
How can we get more accurate global statistics?e In 1989, I read in a national newspaper ...
88874 Hits