A room full of nervous businesspeople. The threat of fines. And David Wood, IT Director of FDR law, a calm head in a sea of confusion.
The latest event at The Base gave our audience the insights necessary to understand what the GDPR (General Data Protection Regulation) really is.
Most significantly, we learnt what we need to do (by May 2018) and the challenge, repeated by David, of “Why haven’t we started already?”
Those that attended benefited from David’s knowledge as well as advice. And, in addition to sharing his slide deck, David even offered a forum to ask GDPR questions after the event.
Essentially, the new regulation puts all the onus of responsibility on the data controller (the person or organisation that determines what data is held, how it’s used and how long it’s held for). Businesses will no longer be able to sidestep accountability by ‘passing the buck’ to outsourced data processors.
In fact, the arrangements you have with third parties need to comply with the GDPR too. And clients and partners, as David pointed out, will soon be asking the same of us.
Businesses must therefore ensure that their policies and procedures are documented to support the rights of the individual whilst also legitimising their own data usage – be that for day-to-day commercial expediency, legal obligations or providing for that individual’s best interests (which can include providing a better service).
David’s strongest recommendation was to record the how, what, where and who of the data you hold, along with the policies that protect Personal Identifiable Information (PII). This will ensure you have a response ready, within 72 hours, if you should fail any criteria (e.g. if you’re breached), meaning the potential fine from the ICO could be mitigated.
To that end, David pointed the audience to a number of resources and examples, from the BBC’s Information and Privacy statements (as Plain English best practice) to guidance on cybersecurity from the NCSC.
Beyond the depth and detail of the seminar, David’s directions for practical action extended the very real and pragmatic approach he gave to his presentation.
If you’d like to attend an event as valuable as this one was, please register with the BaseConnect community.