GDPR...The Coming Storm

GDPR diary date

To most of us the initials GDPR will mean very little. There’s a hint of Gross Domestic Product in there, or something to do with Public Relations, but not much more than that.

Yet.

Because what GDPR stands for in this case is General Data Protection Regulation, and if you thought for a moment that the present Data Protection Act was in any way challenging, then GDPR could make your eyes water. It is Europe’s attempt to give people more control over the way their data and the details of their lives are used by companies, especially given the rise of the likes of Facebook and other social media who beaver away in the background finding out as much about us as they can. It’s also an attempt to standardise legislation throughout the EU, which you may think a little odd as we’re on our way out, but does make sense.

You’ll note that this isn’t called GDPD, and that’s because this isn’t a Directive, which would involve the UK introducing new legislation; it’s a Regulation, which means it’s instant, and instant in this case is 28th May 2018... and the fines for non-compliance and breaches are severe.

So, who will this legislation affect? The answer is: every business or organisation that is either a ‘processor’ or ‘controller’ of data. To make it clear, a ‘controller’ is anybody who dictates how and why any personal data is processed, and a ‘processor’ is anybody who carries out the processing. In other words, just about every organisation from the smallest charity to government and Google, even if they’re outside the EU themselves.

After 25th May next year ‘data’ will include everything already covered by the Data Protection Act, plus IP addresses and any health, cultural or economic information. Consent to use or hold any information will have to have been received by way of an active and positive affirmation of intent, rather than by opt-outs or pre-filled tick boxes (for example). Data can then only be used for a specific purpose and must be discarded thereafter. It must be used lawfully and transparently. It will also be necessary to make it easily known how you collect data, what you do with it and how it is processed.

There’s more, but by now you’ll have got the gist that this is one regulation that has the potential to make a big difference to how business is done.

Our advice is to begin planning and taking action today, and don’t leave anything to chance. Audit all your business processes, checking what data is held, confidentiality and any unauthorised processing that may be taking place. How secure are your systems against any accidental loss? Make sure your policies and procedures, Terms and Conditions, B2B contracts, non-disclosures and privacy policies comply, and think about your website and app registration processes.

Then: Train your staff to know exactly what to do, have a data security breach plan and don’t get conned into believing that there’s such a thing as GDPR certification. There isn’t.

How can TP Tele help in all of this? One way to start keeping out of potential trouble will be to make sure that your business never tries to make sales calls to those consumers and businesses that have gone to the trouble of registering with TPS, the Telephone Preference Service (there’s also FPS for faxes). We can automate this process for you, so it can never happen. It’s just another thing we can do to help your business.
