07.02.2018

GDPR - Busting the Myths

Amongst the plethora of GDPR posts and sales pitches it’s proving really difficult to see the ‘wood for the trees’.  When struggling with an issue it’s great to have a trusted advisor, but in the case of GDPR I would like to quote Tim Turner, whose LinkedIn description runs: ‘Data Protection trainer & consultant. Not GDPR certified because nobody is’.  I really like this because I think it gives us the true picture: that at this stage (i.e. before this has actually become law) no one can claim with any certainty the implications and how this will be enforced.

Hopefully the name says it all: here at Trusted Computing we provide IT services that you can rely on and trust to benefit your business. So, without further ado: we were asked to write a post on GDPR to help ‘debunk’ the subject and, without pretending to be experts, here it is!

We need to be fully compliant by 25th May 2018 – I think it will be acceptable that you are able to prove you are taking steps to comply even if the process isn’t complete.

We need consent to process personal data – This is the point on which there has been much debate, the fact is we need a lawful basis to process personal data.  There are six available lawful bases for processing. No single basis is ’better’ or more important than the others – which basis is most appropriate to use will depend on your purpose and relationship with the individual.

One of these is consent, in which case we need to record how clear consent was given and for what specific purpose, whether the consent applies to contact by email, phone or text.  We do need to bear in mind this consent can be withdrawn at any time.

The second basis is when the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

Thirdly, legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).

Vital interests, the fourth basis, sounds as if we could apply this in most cases; surely any salesperson believes their products are vital to the prospect’s interests!  However, this actually refers to when the processing is necessary to protect someone’s life.

The fifth, public task, when the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

Finally, legitimate interests, where the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)

What is actually meant by ‘personal data’? It may be assumed that personal data only refers to truly personal data such as ethnicity, religion, personal telephone numbers, but in truth it has a much wider scope.  Simply put, any data which can be used to identify an individual is included in this; for example, an email address for a specific person at a company would constitute personal data while a generic sales or info@ email address would not.

I would also question whether the term data breach is generally understood.  Anyone whose bank details are compromised would agree that such an occurrence would be included, but again I believe the scope is much wider.  Recently I received an email purporting to be from a known contact at a company I have had dealings with, and while scam emails are very common, in this instance it was clear that the personal contacts had been harvested by a malicious third party.  This company are now claiming to have reached full GDPR compliance!

 A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes.

It also means that a breach is more than just about losing personal data.

The two key points here I would like to emphasise are:

A data breach is a larger threat than the likelihood of fines for non-compliance with GDPR because of huge reputational damage and the fact that each individual whose data has been compromised is entitled to compensation.

Secondly, I would strongly advise any company to ensure they have a reliable back-up strategy in place, as unlawful destruction of data would have devastating effects.

Much of this appears to relate to IT; however, it is worth considering that GDPR covers any records, however they are stored.  For illustration purposes, if a sales rep left their Filofax on the train, would you know what information was lost?

In essence, GDPR means we need to know what information we store, where we store it and why we store it.

Please note we aren’t legal experts; this is just how we understand GDPR, and we would welcome comments and corrections.