Much has been said about the forthcoming General Data Protection Regulation (GDPR). It’s a seismic shift in the way personal data must be controlled and processed – we even have our own micro-site dedicated to it.
The focus for many businesses is to look at the parties they contract with and to ensure that businesses in the data chain are all General Data Protection Regulation compliant. The first port of call is a “data mapping” exercise.
Apple’s recent World-Wide Developers Conference has shown that even the biggest organisations in the world are paying attention to the new law. This is, of course, in part due to consumers becoming ever better educated and aware about the data they provide to organisations and how it is handled – media coverage of the data loss of businesses such as TalkTalk and, more recently, the NHS have sealed data’s fate as a currency that consumers now pay interest in.
This means that organisations are taking steps to pro-actively mitigate the possibility of data loss (something which will carry fines at the top end of the 4%/€20,000,000 scale under the GDPR). Apple’s announcements at WWDC are one such example. Much has been made of their increased focus on machine learning, deep learning and artificial intelligence. The end result for consumers is an enhanced, personalised experience when using their device(s). Yet Apple were also at pains to point out that the data was processed on the device – anonymised at source – before being sent to the cloud for integration and sharing.
Such an approach is completely in line with one of the key principles of the GDPR; that personal data of an individual is, in essence, the property of that individual and not that of the organisation collecting it. Unusually, this means that the law may favour the innovative, bleeding edge businesses rather than those with established processes.
All businesses in the UK will be affected by the GDPR. If you’d like to learn more, please contact us.