I was at a barbecue recently enjoying some spare ribs when someone asked if we should be eating pork if there isn’t an ‘R’ in the month. Much debate ensued as to the origins of this ‘rule’, which seems to have stemmed from wise but ancient culinary advice to avoid pigmeat in the warmer months, May to August, when it was likely to go off quicker. Refrigeration technology thankfully made the ‘R’ in the month rule redundant, enabling us to enjoy pork products all year.
And my point here is that technology does outdate rules and the EU Data Protection Act is no exception. It has been in place since 1995, albeit with sticky plasters added to try and keep up, yet look at the technological advances made in the last two decades: technology affecting how, where, when, why and what data is used and stored, and by whom.
Change is long overdue to standardise regulations across EU member states, to strengthen privacy rights, and counter cyber threats. And yet, with just under a year until the EU General Data Protection Regulation (EU GDPR) comes into force, it seems many businesses are still unprepared.
But make no mistake, come 25 May 2018, when the new regulations come in, the penalties of non-compliance could be fines of up to 4% of company turnover plus reputation damage. Maybe some firms optimistically believe Brexit changed everything but it seems that GDPR is here to stay in one form or another.
In March, the Information Commissioner’s Office (ICO) published its draft consent guidance and while it focused marketers’ attention, Direct Marketing Association (DMA) research revealed that the number of businesses believing they’d be ready in time dropped to less than half.
The DMA called on the ICO and Article 28 Working Party to urgently provide balanced guidance addressing concerns and helping organisations meet the deadline. Any clarification is welcome but maybe a switch in corporate attitudes is what’s primarily required?
We know cybercrime is one of the greatest threats to world commerce and infrastructure (look at the recent NHS attack), so implementing appropriate governance and accountability to process and protect data is surely to be applauded rather than opposed?
Preparing for GDPR might be a headache, deciding which areas to most focus on, from consent to legacy data. But in the long run, having greater security practices in place will leave you less exposed to risk.
In prehistoric times, keeping an eye on threats and alerting others to danger served us well and will continue to do so if we’re prepared. The threat environment changes constantly, as must the rules of the game.
ICO and DMA checklists, videos, webinars and events can help you prepare for GDPR. Approaching it strategically and logically makes preparedness easier, and starting now gives you enough time to source any partners and tools you need.
The Data Protection Act is not fit for today’s purpose and changing it is long overdue. GDPR has evolved greatly since its first draft and it will be neither easy to agree nor implement. But some things require time and effort, and doubtless many ancient Romans, Greeks and Egyptians found shovelling ice into pits to store food hard work. But their pioneering efforts inspired a technology that ultimately overturned the rule of only eating pork when there’s an ‘R’ in the month.
Being able to eat spare ribs unfettered makes me happy. Having safeguards in place to help companies manage risk will make me happier still.