Managing GDPR is no different than managing other business risks
GDPR is a great reminder to businesses that people lend their information and therefore organisations have a responsibility to look after it. It’s not just about confidentiality, it’s about integrity, accuracy and availability – and it’s just plain good business practice.
If you’re managing customer information in a fit and proper way, then requests for that information – known as subject access requests – are nothing to fear. GDPR is expected to lead to a significant increase in consumers submitting subject access requests, which require businesses to disclose copies of the data they hold on individuals.
If a business has done all the right work, finding and disclosing information for a subject access request will be easy to do, and there should be a streamlined approach in place for this.
Data protection needs to be treated in the same manner as health and safety, and managers need to care about protecting their data as much as they care about protecting their employees.
Why embrace GDPR?
- An initial outlay in resources may be necessary to ensure your information fundamentals are in order, but the long-term benefits of this could result not only in better legal and policy compliance, but could also give an organisation a competitive edge. Boards that display they are committed to taking citizen’s private data rights seriously may well have a positive effect on an individual’s choice of who they want to place their custom with in the long term.
- Clear, transparent and accessible information on how you process personal data will lead to public confidence in your organisation.
- A review of information holdings and correct storage and indexing of personal data will allow a much easier facility to provide individuals with information following data requests. It will also allow you to easily amend any data discrepancies with regard to an individual, as well as easily identify and delete personal data where necessary.
- The commitment to adhere to GDPR may also result in a review of data retention policies, which could lead to a realisation that organisations can decrease storage overheads, reducing the overall size of their digital footprint.