GDPR: 100 days and counting - are you really ready?

Adjust Comment Print

The GDPR regulates the processing of personal data by organisations and includes a number of obligations that RSLs must comply with when processing personal data for any type of individual.

Finally, organizational awareness of European data protection and privacy law should not stop at the GDPR. The amount of work to achieve compliance varies depending on: the type of organisation, its scale, and how they use individual data.

The law will come into effect on 25 May 2018, at which point there will also be a replacement Data Protection Act (DPA). "This trust is central to data exchange and showing the value to both the business looking to prosper, and the customer looking to benefit".

The GDPR legislation took a broader, more encompassing view of data protection and focused regulations on the results and outcomes rather than outlining a specific cookbook for data protection.

So if you aware of GDPR but are not exactly clear what is meant by the terms: Personal Data, Sensitive Data, Data Subject, Data Processor, Data Controller, Data Breach, Pseudonymisation, Purpose Limitation, or what your firm is supposed to be doing with them, I would suggest you find out and fast. Businesses will also be required to be able to discover breaches in a timely manner. There will no longer be any requirement to register details of your data processing with the ICO, for example.

For some businesses, compliance with the GDPR will represent more of a challenge than for others.

More news: Chelsea legend Wise unimpressed by Liverpool pair Karius, Lovren
More news: United States stocks trade higher after inflation data
More news: Duke F Marvin Bagley III to miss second straight game

This brings communications technology right to the center of the data protection world, as it is one of the primary methods of collecting this information and using the data to provide services.

More than 28,000 will be needed in Europe and USA and as many as 75,000 around the globe as a result of GDPR, the International Association of Privacy Professionals (IAPP) estimates. These are in scope, but so are other systems like voice, IVR, chatbots, team collaboration systems, messaging apps, social media, and networks that these systems operate - any place personal data is collected, stored, or transmitted. People may switch communications tools over the course of a conversation, and while the channel may change, the compliance requirements do not.

Of particular interest to the communications industry, artificial intelligence (AI) and machine learning (ML) are becoming established in communications processes and are making decisions automatically. HR personnel are likely to see an increase in subject access requests, where individuals can request access to the personal data held on them; this requires the ability to get an accurate picture of all of the data you hold on that individual.

The GDPR will create a level playing field for data protection rules across Europe. Data encryption adds a vital extra layer of security beyond password protection, which can be hacked. A controller is an organization that determines the purposes, conditions, and means of processing of personal data, whereas the processor is an organization that processes personal data for the controller. GDPR directly impacts marketing, sales and customer service operations.

The figures are revealed in the "Data privacy: What the consumer really thinks" report from the DMA and Acxiom, commissioned for the third time since 2012, to explore the views of United Kingdom consumers towards data collection and privacy during this key period in the run-up to GDPR. What have you got, why have you got it and what do you use it for?