DPA 2.0: Get your business ready for GDPR
In 1984, there were several notable creations including the Apple Macintosh, Ghostbusters and, of course, the Data Protection Act.
Designed to safeguard consumer data, the DPA regulates the way businesses keep and process personal information. And, although it was revised in 1998 (the year of – surprisingly – Windows 98, and The Truman Show), the Data Protection Act finds itself somewhat lacking in 2017, after almost 20 years of explosive digital progress.
Its replacement, called GDPR (General Data Protection Regulations), will come into effect on 25 May 2018. Although that seems a while away, GDPR is far more intricate than the DPA; it consists of 160 points and is designed in part to regulate digitally-stored data more effectively.
Back in 1984, the amount of customer data available was pretty limited. These days, it can be exponentially more detailed. Methods of storage have changed, too; it’s no longer filing cabinets or that green-screened computer in the corner of the office – nowadays, thousands of files can be kept on a keyring or in the cloud.
Make no mistake, the GDPR regulations are there to protect the consumer, and they do so vigorously. Your business will be required to:
- Keep thorough records of how and when an individual gives consent to store and use their personal data. Not in the form of a tick-box, but a very transparent audit of consent.
- Document what information is held, along with evidence of where it came from and who it has been shared with. If you have inaccurate data and have shared that with another organisation, it’s your responsibility to pass that message on, so accurate updates can be made.
- Check that your processes are in line for how you might delete or provide personal data upon request. There are several ‘rights’ that the GDPR considers:
  - The right to be informed and have access to the data held
  - The right to have erroneous data corrected
  - The right to request that data be deleted
  - The right to data portability – an ability for consumers to obtain and reuse their personal data across different services
  - The right to object to data being processed in specific ways, including automated decision making
- Ensure that you have the right protection in place to detect, report and investigate a personal data breach.
These are just a few of the measures included in the new regulations – all of which you’ll need to comply with fully to remain on the right side of the law. For a long time now, consumer data has been an increasingly important part of being in business. From 25 May 2018, GDPR regulations will reflect just how important it really is. Be assured, it’s too important to leave your preparation for it until the last minute.