Data Privacy – how will the changes affect you?
Just how much of your information can be accessed, bought, and sold by strangers? The answer of course should be none. Organisations have a duty of care to their customers to protect sensitive data from unapproved third parties. All UK businesses including Ebuyer abide by the 1998 Data Protection Act, making sure all our sensitive data isn’t readily available to those who might want to exploit it. In 2018 legislation will change, which may affect you.
Data Privacy Day has been created to get people talking about data. It is celebrated across the USA, Canada and Europe, where companies like Twitter, Intel, Cisco and Solera sponsor events and lead the conversation online, asking the big questions: why is data protection important, how is personal information handled now, and how will this be changing over the next few years?
Where did data protection laws come from?
During the second half of the 20th century, computers became the easiest way to store information, and the creation of networks made sharing information between locations and branches of companies as easy as clicking a button. But along with this came a serious risk of sensitive data getting into the wrong hands and being exploited.
The original Data Protection Act was created in the 80s then revised and strengthened in 1998. It gave businesses clear guidelines to prevent data being misused and gave consumers legal rights over the data they share. This could be anything needed to complete a purchase from a company, from name and address to bank details. So it was essential a benchmark was set for all companies to follow and give customers’ data the consideration it needed to make them feel safe and respected.
What does the law say now?
Whether you’re self-employed or part of a large business, any company that handles personal data from clients to conduct a transaction has to abide by the Data Protection Act. If you want to read up on the full terms, visit https://www.gov.uk/data-protection/the-data-protection-act . Here’s a taster of what to expect when you do:
– Companies must have permission to collect and use data from the individual
– Businesses should only use data in the way they laid out when they collected it
– Only the data that’s needed should be collected
– The information taken should be accurate and kept up to date
– Data can’t be held for longer than it’s needed
– The consumer has rights over how the data is used, and these have to be respected
– Personal information has to be kept safe and secure
– Data shouldn’t be stored or shared outside the EU
How is data protection going to change, and will it affect you?
As of 25th May 2018 the way we protect data in the UK is going to be changed. We’ll be moving over to the General Data Protection Regulation used throughout the EU. You can read all about it here: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/.
As a business how do I prepare for the changes?
The changeover won’t be put in place until 2018, but if you want to get ahead of the game and prepare your business for the switch, here are five ways to get GDPR ready:
1. Get top level management on board. All changes have to be driven from the top
2. Understand your current level of compliance with the rules by conducting your own assessment
3. Start to develop a security incident process and templates to notify the government of any breaches
4. Create and update policies and processes to protect personal information in line with the new rules
5. Provide the right training for employees so they understand their responsibilities when it comes to data protection and also how to report a breach
Overall the GDPR seems to promote greater responsibility and harsher punishment for those who aren’t compliant with the rules, which means data should be handled even more carefully, with greater measures put in place to keep information safe and secure. How will the changes affect you?