GDPR AND WHY IT MATTERS
In the light of numerous data protection scandals, the information we hold about individuals and how we use it is a hot topic.
As a recruitment agency, data is our key currency. We handle the personal information of our clients every day. Whilst preparing for GDPR here at Spencer Edwards, we decided to take a look at what’s involved, why it’s important and why we think it’s necessary.
What is it?
GDPR, or the General Data Protection Regulation, is a framework of rules intended to govern how we manage any data that can identify our clients. The Regulation covers the protection of all personal data on each and every virtual platform, providing clear rules that are fit for purpose in the digital age.
It forces businesses to stop and consider what information we have about our clients, why we have it, what we intend to do with it, and how and when we will destroy it.
More uniquely, GDPR puts individuals in control, because the paramount consideration underpinning GDPR is not the data itself, but whether we have permission to use it.
What does it do and who does it apply to?
The European Commission’s GDPR website states that the aim is to create a “harmonised” approach to data protection across the member states. This means that it will no longer be necessary for business owners to navigate the particular laws of the individual countries they trade with.
The scope of GDPR goes beyond the boundaries of the European Union, dealing not only with how the member states handle data, but how other countries outside of the EU treat the personal information of EU citizens. In essence, the ramifications of GDPR will be worldwide.
Given the on-going Brexit negotiations, a common question has been whether businesses and organisations in the UK have to comply with GDPR. The answer is a resounding yes. Whilst the UK is due to leave the EU in due course, British businesses will still be required to adhere to the Regulation when trading with the EU and its citizens.
The UK in any event is due to implement its own Data Protection Bill, which contains all of the principles of GDPR with the exception of some small changes. The published Bill is still being debated in both Houses of Parliament, but it will become law.
Is it a good thing and should we be worried?
GDPR has caused quite a stir, with many businesses feeling under pressure and worrying that they will not be ready for implementation day on the 25th May 2018. However, are we overcomplicating GDPR and its requirements?
In its simplest form, GDPR is good old-fashioned common sense. It regulates the ethical and moral ideas involved in data protection: don’t gather information you have no need for; keep data secure; ensure access to data is constrained; delete what you don’t use; and finally, be able to prove it.
Is it a good idea?
The UK’s Information Commissioner Elizabeth Denham has stated that she is frustrated by the amount of what she described as “scaremongering” surrounding GDPR. She summed up the spirit of the Regulation perfectly: “GDPR is a step change for data protection. It’s still an evolution, not a revolution”[1].
As businesses entrusted with our clients’ personal data, the principles of GDPR should not come as any surprise and arguably should not cause concern.
When asking the question of whether GDPR is a good idea, you should start by asking how you would expect your personal data to be treated, and whether your permission was asked before it was used. GDPR requires us to treat our clients’ data with the respect it deserves, and any business worth its salt should undoubtedly be doing that already.
Obviously I couldn’t get through the whole article without getting in a plug. If you are looking for a specialist recruiter in the Governance, Risk and Compliance sector, please don’t hesitate to contact us.
If you’d like a chat, then get in touch at [email protected] or review our website www.spencer-edwards.co.uk
[1] https://www.wired.co.uk/article/what-is-gdpr-uk-eu-legislation-compliance-summary-fines-2018