GDPR is here today. Here are four simple steps to help you prepare
There’s a lot of hype around the General Data Protection Regulation (GDPR). If you haven’t started getting ready for it, or are still confused or unsure, this is where you should begin, and begin you definitely should. The change in data protection is here. Today, on May 25th 2018, the long-awaited and much-hyped GDPR starts being enforced across Europe. Any data breaches must be reported to the Information Commissioner’s Office (ICO), which upholds information rights in the public interest (https://ico.org.uk/for-organisations/report-a-breach/). GDPR is the biggest overhaul of data protection laws in more than two decades, but Elizabeth Denham, the UK’s Information Commissioner (https://ico.org.uk/about-the-ico/who-we-are/information-commissioner/), has called it an “evolution” rather than a complete “revolution”.
For businesses and organisations which already comply with the UK’s current data protection law, many things will stay the same, but GDPR will bring in some new obligations. If you’ve made it this far without hearing of GDPR, are confused about the regulation, or don’t know where to start with preparing for its obligations (better late than never!), I’ve put together a few simple steps to get you started. GDPR is a dense piece of law, so these shouldn’t be treated as an all-encompassing list of actions; they are a starting point to recognise and act on.
1) Make sure people know about GDPR – Information Commissioner Denham has said her office will be more lenient on businesses and organisations that have fallen foul of GDPR if they have shown “awareness” of it. This means if decision-makers know about GDPR and are taking steps to meet its obligations, their organisations are less likely to be fined – if the ICO goes down that route.
2) Check people’s rights – Under GDPR, the rights of individuals are clearly defined. There are eight of them and they include a right to access, a right to be informed, and a right to object. Largely, the eight rights build upon abilities individuals already have but there are some new ones as well. These include the right to data portability. Businesses and organisations should check that they comply with existing rights and determine whether they need to make any changes for the enforcement of GDPR.
3) Change privacy notices – The UK’s current data protection law – the 1998 Act – requires privacy notices to be displayed whenever personal information is collected from a data subject. They’re designed to inform a person who will be processing their information and why. GDPR expands on the need for privacy notices: it introduces a greater transparency requirement and will likely result in companies needing to rewrite their published statements. This means fuller privacy notices, with greater detail, are required.
4) Be prepared for data breaches – If a company loses personal information or has it hacked in a data breach, the GDPR says it must report the breach to its local data protection regulator (ICO website above) if there’s a risk to people’s rights. This must be done no more than 72 hours after the organisation finds out about the data breach, and it marks a move away from non-compulsory data breach reporting in the UK. If the data breach poses a high risk to the rights of individuals, the people impacted have to be told as well. This means businesses and organisations need to have processes in place to allow a data breach to be examined and properly researched.
There are three steps that firms must now embark on: a) identify client data access and capture points; b) collaborate with clients to gain consent for justified usage of personal data; and c) remediate data access breach issues. Failure to do at least one of these now will not only cause financial pain in the long run, but will also erode client confidence.
GDPR is being introduced today, 25th May 2018, and will have consequences for the way in which your firm manages its IT systems and your data. Understanding GDPR is the first step towards putting in place the necessary systems and processes to meet the new requirements. Contact Storm IT Financial for help & guidance about GDPR & its effects on your firm.
Storm IT Financial FinTech News & Trends picks: Week 21st May – 25th May 2018
Liberation day! Don’t email me. I sure won’t be emailing you
Today, happily, the EU’s General Data Protection Regulation comes into force. It’s the data detox we’ve been waiting for:
A looming prospect: is the financial services industry ready for GDPR?
The deadline for GDPR compliance is upon us, yet most UK financial services firms are far from ready. What has to be done…:
Europe sets a high bar on privacy with GDPR
Microsoft has said it will extend the user rights like transparency and the right to ask for personal information to be deleted – globally:
Extracting business value from regulatory compliance; the importance of effective information management
The financial services sector is having a tough 2018. MiFID II came into force on 3rd January and GDPR on 25th May. Both regulations have…:
Banks seek tech talent for digital shift
Adverts for IT and engineering roles at EU lenders rise more than ten times in three years:
Are Apple, Amazon and Facebook the future of banking?
Watch out, big banks. Silicon Valley is targeting finance as the next industry ripe for disruption:
Broadband ‘average’ speeds revealed: see which providers have the fastest UK internet
BT, Sky and Plusnet among slowest ADSL internet providers:
FCA – Blockchain: considering the risks to consumers and competition
Speech by Mary Starks, Director of Competition, FCA, at Authority for Consumers & Markets Conference Panel:
The UK’s Cryptoassets Taskforce Agrees on Key Objectives in First Meeting
The British government’s cryptocurrency task force has held its first meeting ahead of assessing…:
Bankers grumble about Big Tech threat
Top Fed staffer & European bankers voice concerns that the likes of Amazon could be stepping onto their turf…:
Banking by mobile app ‘to overtake online by 2019’
More consumers will use apps on their smartphone than a computer to do their banking by as early as next year…:
Could smartphones replace bank branches?
An indication of how much we now rely on smartphones rather than computers to manage our money…: