Author: Gary Hibberd
Date: 29th June 2020
Since 2018 I’ve had a number of people ask me why the General Data Protection Regulation (GDPR) is so important. In truth, the answer to this question lies in the fact that the question is being asked at all.
Twenty years to prepare
GDPR is important because organisations of all sizes and shapes ignored the Data Protection Act for such a long time. Many paid lip service to the DPA and had scant regard for our security or privacy. If that sounds too harsh, ask yourself why you have continually received ‘cold calls’ and been inundated by junk mail (both physical and virtual). Why? Because organisations took your data and monetised it.
For the longest time companies took your data and sold it to anyone who would buy it. If you’ve ever received a call from a company stating “Our records tell us that you’ve been involved in an accident”, then someone, somewhere took data you provided and sold it to someone else.
When the GDPR came into force in 2018, it seemed like the whole country went into panic mode! Business owners bleated that this was going to destroy their companies! I had numerous conversations with grumpy business owners and leaders, who seemed to believe this was something new and had been done simply to make more money for the Government.
It was almost a surprise to some of them that the Data Protection Act had been around since 1998, and that everything they were complaining about had been the law for twenty years! If GDPR was a shock, it was only because for twenty years these organisations had ignored a law that is there to protect you and me. It would appear that having twenty years to prepare and do the right thing wasn’t enough.
The GDPR is important because it requires organisations to put the rights of Data Subjects first and foremost in their processing of our data. Please think about that sentence for a second.
The GDPR requires organisations to put YOUR rights first, above their own interests. But not just yours. Your children. Your partner. Your parents. Your loved ones.
Gone are the days when an organisation can collect whatever data they decide upon, hold it for as long as they want and share it with whoever they like. Utopia! Right?
Not quite. Again, as stated above, the GDPR didn’t just bring these rules in. For the last twenty years, it has been a requirement that organisations be clear about who they share your data with, why they’re holding it and when they’ll destroy it. But this law was largely ignored and begrudgingly followed.
The GDPR shouldn’t be difficult. As Aretha Franklin observed, “R-E-S-P-E-C-T… Find out what it means to me!” The GDPR requires organisations to be transparent about what they’re doing with your data. To show it, and therefore YOU, some respect.
Is that too much to ask? For example, do you think it’s ok for organisations, like the Government, to take your data and sell it to others? The NHS perhaps? Are you ok taking your pregnant partner to the Doctors, only then to be inundated with products for expectant parents arriving at your house?
How about seeing the same Doctor about a troubled sex life, only to be welcomed with a plethora of advice and products about erectile dysfunction on your doormat or inbox?
If you have a sense of outrage at the thought of this, then you are beginning to see the importance of the GDPR.
GDPR simply means Giving Data Proper Respect. Nothing more. Nothing less. For the longest time, organisations have seemed to think that because you have shared data with them, they can do with it what they like. The GDPR is in place to protect us and requires organisations to show us some respect.
More than Words
I recently read a book which talked about GDPR specialists who are ‘Zen Practitioners’: GDPR practitioners who not only want to understand what the GDPR says, but what the spirit behind the letter is. This accurately reflects who I am, and who I believe we ALL should be.
The GDPR has a lot to say about protecting the rights of data subjects (you and me), but it’s how people interpret the words and what they do with them that’s important.
I can usually tell quite quickly which organisation is paying lip service to the GDPR, and which one has understood the spirit of the law. I would prefer to work with and for the organisation that is doing its level best to comply with the law, because it tells me so much more about them than simply that they are observing the law.
Yes, the GDPR is the law, but it can also be seen as a moral guide and compass. If you read the six principles of Article 5, you will see that the GDPR is asking you to act respectfully and responsibly with data. Therefore the GDPR is important because it tells me whether you’re the type of company I want to be associated with.
“Why is GDPR important?” for me is a rhetorical question. It’s a question that shouldn’t require an answer. GDPR is important because it clearly states what every organisation processing data needs to do to demonstrate they are a trustworthy organisation.
If you are dealing with an organisation that is struggling to comply with the GDPR, it simply means they are someone who a) doesn’t understand the spirit behind the letter, or b) cannot be trusted with your data and has placed their own interests above those of the people they claim to serve.
If the above sounds harsh, let me explain that it is from bitter experience that I’ve seen the lack of respect for the protection of OUR data. The number of data breaches we see occurring tells me that some organisations aren’t doing what they should be doing to protect OUR data.
GDPR is important because it tells us which organisations we should and should not entrust with our data.
GDPR is important because it tells us which organisations we can and cannot trust.
GDPR is important because it protects us.