The rise of the internet and digital life in general has brought with it many benefits. However, with every positive advancement, there seems to be an opposing drawback. One such issue is that of data protection. Whether it’s purchases via an online shop, newsletters, emails, social media or simply browsing your favourite websites, we produce so much data. A consequence of this is that much of this data is collected, stored, sold, used and stolen. This may be okay for cookies or general preferences but sensitive data is a different story. Personal information, in the wrong hands, can be potentially dangerous and it’s for this reason that data protection is so important.
Considering how pertinent this issue has become, governments have created comprehensive legislation to protect user data. One of the most stringent reforms was that of the EU’s GDPR, implemented in 2018. The GDPR or General Data Protection Regulation was a way to update the European Convention of Human Rights from the 1950s, so that it reflected modern times.
Although the UK has since left the EU, it has adopted the vast majority of the GDPR into UK law. Furthermore, the EU's GDPR protects EU citizens and therefore applies to any organisation that interacts with EU citizens, which is basically every organisation.
Personal Data
The definition of personal data can be quite broad. It is defined as any information linked to an identifiable natural person. This basically means any data linked to a living, non-fictional person. This includes everything from email addresses and names to search history and cookies.
The more sensitive the data, the more responsibility there is to safeguard it. Sensitive data is anything that connects a user to their private identity, e.g., names, addresses, banking information, IP addresses, etc.
GDPR
Although the overall GDPR can be extremely comprehensive, there are some general policies to keep in mind. “Privacy by design” is a major concept in which organisations keep data collection to a minimum and ensure private information is protected.
Consent is also extremely important and all organisations must ask their users for consent before collecting data. This includes providing transparent reasoning on why they’re collecting data and what will happen to this information. Any previous underhanded practices of gaining consent are now prohibited.
According to the GDPR, users now have a number of inherent rights, which must be respected by any organisation that collects their data. These include:
- The right to know how their data is collected and used.
- The right to ask what information has been collected about them.
- The right to have incorrect information corrected.
- The right to have their data deleted.
- The right to refuse data processing entirely.
Compliance
Attempting to become GDPR compliant can be complicated but there are some relatively simple steps you can follow.
- Create a list of all of your data sources.
- Use this information to create a register of processing activities.
- Update all of the relevant policies and procedures to ensure GDPR compliance.
- Educate staff.
- Create a review process to ensure continual compliance.
Data breaches may be a worst-case scenario but they are becoming more and more common. If you suspect that you have had a breach, it’s imperative that you move quickly. You need to inform your supervisory authority within 72 hours and users should be notified as soon as possible.
Non-Compliance
It's important to note that non-compliance with the GDPR can be extremely costly. In fact, fines for non-compliance can run up to £18 million or 4% of annual global turnover, whichever is greater.
With so much at stake, it’s important that data protection is at the forefront of your business plan. The team at U-Deliver can ensure that you’re compliant in a variety of business policies, from taxation to data protection.