A lot of businesses are currently panicking about the imminent changes to data protection legislation. It seems that they have only just realised that GDPR will apply to their operation and that it’s not simply some nonsense from Brussels that they can ignore.
In some ways, we understand this situation – we are living in a rapidly changing age and there has been precious little time for a cool, clear assessment of the amounts of personal information held by companies. That data is very valuable, and the increasing prevalence of high-profile cyber attacks has shown the weakness of some security systems – even those of some very big players in the business world. Everyone would like to think that their personal information is protected, but sadly it isn’t always the case.
That, in essence, is what the EU legislators have realised. The GDPR, with its stiff penalties, is a wake-up call to the business community and gives individual data subjects the rights they need. And even though this is EU legislation, there will be very few UK businesses it won’t impact. You may think your business is conducted entirely in the UK, but if data is stored in the cloud, it could be on a server almost anywhere in the world. If you have collected information from an EU citizen via your website, you’re under the regulations. And Brexit offers no escape. The UK is following GDPR because it makes sense – and that’s why we’re well on track with our GDPR preparations.
We owe a duty of care to our customers and to our suppliers – in fact, to anyone we interact with. We need to treat their information with respect and recognise its value. Our processes are already changing as we take a close look at the risks and at our responsibilities. Our privacy policies, security measures and methods are all being scrutinised and we’re actioning every single issue we find.
We’ve still got a few weeks to go before the 25th May deadline. We’re well on track, and we’re confident that we’ll be ready, but we’re not complacent. We recognise that the nature of cybercrime attacks is continually evolving. Every business needs to maintain a strategy for the ongoing protection of data. Not just to tick a box that confirms compliance with a complicated and confusing set of rules – we need to do this because trust is a vital part of any relationship.
We’ve got a message for those trying to ignore GDPR: don’t – it’s not about red tape, it’s about respect.