New legislation due to arrive in the coming months
Fiona Mulvaney – Waterford Technologies
It’s about three years since the European Union first announced that it was going to do a complete over haul of data protection. Recently the EU has indicated that the widely-awaited General Data Protection Regulation (GDPR) will come to fruition before the end of the year. No matter what your type of business you are in be it financial services, healthcare, the legal sector, manufacturing or the public sector, this legislation is coming & it will have major implications not only for the way data is handled, processed and stored but also on how to deal with requests from individual citizens to search, delete or forward data.
Recent research in the UK suggests businesses are not ready, indeed it revealed that “50% of British IT decision makers are completely unaware of the forthcoming legislation, let alone prepared for the financial impact it may have on operational budgets”.
So what should I do to get ready to comply with this new Data Protection Law?
John Culkin, director of information management, Crown Records Management provides us with an excellent summary of the five key areas in which companies can prepare for all eventualities in an ever-changing data environment by adopting basic principles of data collection, storage and destruction. These are steps which will not only place companies and organisations in good stead when the new EU Data Protection Regulation finally becomes enshrined in law but will also have a positive impact on operational health.
- Spring-clean your data: understand its value:
Start with an audit to distinguish how much data currently stored actually needs to be kept. Is it ‘records’ or in fact junk or data noise? Destroying unnecessary information can help create a clearer picture for the future. For data that needs to be kept, make sure you know where it is stored, who uses it, how to access it and how to protect it. The key to good data practice is in understanding its value in the first place; so treat data like an asset. You wouldn’t leave an asset in the street for other people to pick up – and it is no different in a digital environment.
- Know who is responsible: assign ownership:
With fines for non-compliance set at up to 5 per cent of global annual turnover it is vitally important that someone in the business takes ownership and responsibility for staying up to date with new regulations. Make it clear which role in your business has responsibility for each type of data – whether it is the IT Manager, CIO, Records Manager or an outsourced company.
- Develop processes now to deal with data breaches: be prepared:
It will soon become compulsory for all companies in the EU to have a system in place for dealing with data breaches, including processes for notifying anyone affected by a breach. So why wait? Clear and well-practised procedures should be put in place now – not least to identify who is responsible for reporting.
- Understand whose data it is: seek consent and open communication channels:
In future companies will require explicit consent from people to gather their personal data; so get those processes in place early. Any company that stores personal data should consider what the legitimate grounds for its retention are and how it will communicate this to customers as we move inevitably from implicit consent to explicit consent.
- Design-in privacy: change your culture:
Start to create a company culture where privacy is considered in every process and at every level of the business. Designing-in privacy – and making staff aware of its importance – is the key to good data practice as data protection evolves.
The bottom line is the age of data is changing fast & businesses must be ready to manage their data it’s not optional. Tap into our 15 years of experience in managing email & file data by contacting The Experts on +353 (0)51-334 967