Giving a business your personal data is an act of trust by the customer. In return, that customer expects their information will be handled sensitively, and within the framework of the law. When this trust is broken, it’s all but impossible to rebuild confidence in your business or brand. It can also result in hefty financial penalties. That’s why keeping up with the latest rules and regulations surrounding data protection is vital.
For the past 18 years, the rules for handling personal data have been governed by the 1998 Data Protection Act (DPA). Its principal objectives have been to:
- Define what is meant by ‘personal data’
- Set out the ‘8 principles’ that define how that data can be processed
- Establish a framework for legal implications and fines
In mid-2018, a new piece of legislation is expected to come into force – the General Data Protection Regulation (GDPR). Many of its concepts are the same as the DPA. However, there are new elements and enhancements for which companies will need to prepare.
It would greatly benefit your business to start planning for this change now. That’s because it’s not just a shift in how your IT department handles data, but a cultural challenge for the whole organisation. To put it simply, all your employees will need to have at least a basic understanding of their responsibilities.
If you are looking for guidance, we suggest you take a look at this checklist provided by The Information Commissioner’s Office (ICO). It runs through 12 steps that you can take now to ensure you are prepared for the changes in 2018. Over the next few months, the ICO will publish further guidance, so companies, and in particular their nominated ‘data controllers’, should track developments carefully.
Don’t underestimate how crucial this information will be, as technological advances continue apace. Make sure your customers can put their faith in you to handle their data correctly.