WHY YOU SHOULD FOCUS ON GDPR IN YOUR COMPANY

We are coming up to three years since the introduction of the General Data Protection Regulation, commonly known as GDPR. For some companies, handling privacy and working with data protection regulations has been going on for longer than GDPR itself has existed. For others, GDPR is still a challenging and somewhat unassailable regulation, and it may still seem difficult to know how to approach it. The fact is that GDPR is here to stay, and we need to ensure that it is a natural part of our everyday business.

Three years as the Data Protection Officer

When GDPR became law it was a duty for companies to appoint a Data Protection Officer (DPO). The role was to monitor internal compliance, inform and advise on data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) as well as act as a contact point for data subjects and the authorities. A varied and quite remarkable role.

Here at ABAX we established the position of DPO as soon as possible, not only because we were obliged to by law, but because it was critical to bring in this role to focus on privacy and quickly put GDPR on the map in the organisation.

For me as the Data Protection Officer in the ABAX Group, the experience so far has been filled with positivity. GDPR is a priority in ABAX, the DPO role has been branded as important, and I am asked for advice and listened to when I consult on privacy matters. This is important because it gives the role strength and weight, and the effect in the organisation is that employees know that GDPR matters and that we need to get it right.

We cannot choose to ignore GDPR or not care about privacy; safeguarding privacy has come to stay.

It is about time that GDPR is a natural part of our everyday business; it permeates everything we do and is relevant at all levels. It has come to stay, and we must all make sure that enough attention is given!

Create useful solutions together

How do you utilise the role of a DPO? How do you ensure the role remains a resource, a valuable advisory position, and a job that will not evolve into a frustration to your colleagues, which may make them want to keep their distance?

For me it has been crucial as well as useful to have informal interactions with my colleagues, because it has given me a fast way to gain a lot of information. The internal network of colleagues who belong to different parts of the value chain is something I have kept close. This was valuable for me to quickly gain an overview of the value chain and ensure that the DPO role was involved in as many processes as possible.

In addition, I have focused on being humble, positive and solution-orientated when approaching a challenge or problem. Pointing fingers and focusing on limitations will not get you anywhere. It will not lead to a good work environment or innovation. If you go for the negative approach, you will most likely be left out of a meeting rather than invited in.

Being solution- and compliance-oriented was a key factor in ensuring GDPR was on the map. With that, I could contribute to establishing privacy steps in the value chain that would ensure sufficient handling of privacy.

A benefit, but maybe also a challenge?

With GDPR implemented, a lot of elements that protect the data about you and me must now adhere to certain criteria. That is a great thing, right? Having a law that protects personal data and demands that companies handle personal data in a correct, secure, and proper way. Most of all, GDPR is a positive act focusing on us individuals. That said, it also challenges the way we run our business.

We are to limit data and avoid suppliers with any association outside the EU/EEA region. We should have automation for handling requests for export of data and erasure, we have to establish documented routines, and we need to self-assess and, in some cases, even do a DPIA to assess the impacts of processing personal data in a more detailed way. We need to have retention routines in place by default and ensure we do not process any data we do not have a valid purpose for processing. The list is long and there are requirements that demand a lot of resources, but we can, and should, still do business. We just need to be more innovative and ensure we process and handle data in a compliant way.

Different size companies – still the same requirements

Did you know that GDPR is relevant and an obligation for everyone? In ABAX we have customer accounts ranging from small ones with a few subscriptions to larger accounts with thousands of subscriptions. Some customers have established legal departments dedicated to running all processes regarding GDPR, whilst other companies are run by a single person on their own. These companies are different, but they share the same duties.

Have you still not started prioritising GDPR in your company? Here are a few key steps I would focus on to get a quick overview:

  1. Do a self-assessment to check if you are following the data protection law and find out how you can keep personal data secure.
  2. Quality check all your suppliers and make sure you have a Data Processing Agreement in place.
  3. Limit data and start deleting.

In ABAX we have worked consistently with GDPR since 2018. As a supplier of a service that tracks movement and positions, we are obliged to do all we can to limit personal data and secure quality for our customers. My experience as a DPO proves that involvement is an absolute requirement.

My experience is that it is valuable to be open about the work we do on GDPR. If you want to learn more about how ABAX handles privacy, check out this webpage: https://www.abax.com/uk/privacy

Privacy will increasingly be a decisive factor in customer relationships
