The responsibility of every superhero is to save the world. If you’re a fan of superhero films, you’ll know what we mean. On 25 May 2018, that responsibility applies to your use of data. This is the date when new EU legislation comes into force: the General Data Protection Regulation, the GDPR.
Superheroes might interpret GDPR as standing for Guarding Data Proactively and Responsibly because that’s basically what the new legislation requires as it updates the Data Protection Act 1998 – and if you think Brexit means avoiding this red tape, think again. It will still apply if you have connections in the EU. Plus, our government have pledged to uphold the legislation anyway.
So, what does it mean to be a Guardian of the Data?
The GDPR regulates ‘individuals’ data rights and organisations’ data control and processes’. In a nutshell, if you collect, record, store, manage and dispose of data – then you need to be a Guardian of the Data!
We know lazy, inefficient and careless management of data can lead to super-villains stealing and using it for nefarious purposes. As a Guardian of the Data, your role is to stop them.
The EU directive has six principles by which your role as superhero will be defined. You will need to:
1. Process data fairly and lawfully (such as justifying the reasons to individuals for collecting/using the data you request, making sure it won’t adversely affect them)
2. Use the data for the purpose it was collected (obtaining permission, allowing people to opt in etc.)
3. Ensure data collection is adequate, relevant and not excessive (the regulations set limits on this)
4. Ensure data systems are accurate and up-to-date (so they’re reviewed regularly)
5. Avoid keeping data for longer than is necessary (your systems need to be time-sensitive)
6. Process data securely (so that systems are encrypted, stored securely, have methods to deal with potential security breaches etc.)
As all good superheroes know, the rights of the individual are sacrosanct. Your data management needs to have what the GDPR defines as ‘privacy by design’. Technology and management processes need to combine so that individuals can be assured you’re protecting their information. Plus, the individual has an entitlement to check this is the case. You will need to have systems in place for when someone gets in touch to ask about your data management and what information you have on them specifically.
That’s why training is so important.
The news often covers stories of data breaches – the laptop left on the train, the unshredded documents in a bin, the mislaid USB stick – after 25 May 2018, such neglect will result in fines, compensation and hefty claims.
So, don’t delay, respond today! Follow this link to find out more details about GDPR training so that you are Guarding Data Proactively and Responsibly as a Guardian of the Data!