The General Data Protection Regulation is an EU regulation that will come into force in the UK in 2018 and applies to all companies. This is going to have a major impact on businesses, particularly those that use personal data from third-party sources, utilise cloud-based applications and communicate with customers through a number of channels. We give you a short introduction here:
What is GDPR?
The General Data Protection Regulation is an EU regulation that will come into force in the UK in 2018 (yes, even with Brexit!) and applies to all companies, worldwide, that have European Union customers, or hold personal information on EU citizens. It has been designed to give individuals better control over their personal data by:
- Including organisations that are not based in the EU but hold data on EU citizens.
- Widening the definition of personal data to include information such as IP addresses and cookies (if they are capable of being linked back to the individual), and removing any distinction between private, public or work aspects of an individual’s personal information.
- Demanding that consent from the individual to use their data should be demonstrable and freely given; organisations will need to be able to prove how and when consent was given.
- Requiring organisations to make it as easy for an individual to withdraw consent as to give it.
- Increasing the fines for not complying (compared to the UK Data Protection Act) to 4% of annual global turnover or £15 million, whichever is greater.
What does it mean for businesses?
GDPR is going to have a major impact on businesses, particularly those that use personal data from third-party sources, utilise cloud-based applications and communicate with customers through a number of channels. Organisations will need to be able to easily identify the personal data they hold, by bringing together data from multiple channels and verifying data sourced from third parties, and to guarantee the continual confidentiality, security and resilience of the IT infrastructure and systems managing personal data.
In many cases this will require a complete redesign of data handling processes, encryption or pseudonymisation of all personal information and creation of data warehouses, with a full inventory of all data processing and storage activities. To complete this in less than two years is going to be a major challenge for businesses.
While these activities are going to take some investment, the good news is that GDPR is forcing organisations to transform their data management, which in turn allows them to drive market intelligence and sales, target advertising and streamline customer service. Managing data more effectively means that organisations have better customer information to guide their strategy and can therefore focus on implementing cutting-edge and innovative solutions to transform their business and go above and beyond for their customers.
Here at Nine Feet Tall, we are experienced at leading complex IT and business change programmes from start to finish. Whether you’ve only just begun looking at how to prepare for GDPR, or want to maximise the opportunities your data management solution can provide, we’re here to help! Give us a call on 02037 534 692.