COMMUNICA | Issue Five
The 25th May has come and gone without the sky falling in. We were told that GDPR would lead to a revolution in the way in which personal data is used, but it looks like the revolution has been postponed.
Truth is, there was never going to be a revolution- GDPR is a logical progression in data management; not a whole new way of doing things. Many of the concepts within GDPR have existed in the UK since 1984, and across the EU since 2005. What the GDPR really represents is a wake up call: data is important; its misuse can have serious consequences, and that needs to be recognised in the regulatory framework. So, GDPR represents a great big stick that regulators- in the UK the Information Commissioners Office( ICO)- and data subjects – all of us – can use to beat those who misuse our data. And it seems to be working: data protection is now a board level concern for the first time in many organisations; the recent deluge of consent requests was largely unnecessary and annoying, but it demonstrated an awareness for data compliance not seen before. So, some positives, perhaps. However, there are some real negatives. GDPR is a complex and uncertain piece of legislation, which may catch out those who want to do the right thing. So, where are the bear traps for
the unwary?
Not understanding what data you hold
Preparing for GDPR( and it is still not too late to prepare – think of the 25th May 2018 as a milestone in the journey, rather than the destination) is a great opportunity to audit and understand what data you hold. Indeed, it is impossible to become GDPR compliant without having catalogued your data: think about what is held on PC desk-tops, or in sub-sub-sub folders on Outlook.
44 |
Think about that spreadsheet that you emailed to your personal email account so that you could work on it at home. What about memory sticks …. and old Palmpilots buried in desk draws? What about your Dropbox accounts, your Mailchimp lists, your Microsoft Sharepoint documents, those CVs from unsuccessful candidates that you’ re keeping just-incase? The list is endless. Many of us will be finding dusty bits of data, like pound coins down the back of the sofa, for many years to come. This, then, is the first challenge of digital data – just how much of it there is. It’ s everywhere, and it is so easy to generate it, and copy it, and share it, and post it, and store it and … and … in fact the hardest thing to do with it is dispose of it. So we don’ t. But GDPR requires that we minimise the amount of data we process, and that we hold it only for so long as we need it. If we reduce the amount of data we have, and seek to only keep what is relevant for so long as it is relevant, then our lives will become a lot easier, because we will be able to understand our data better. Once we understand it, we can use it in the right way.
“ GDPR is a logical progression in data management; not a whole new way of doing things”