The Data Protection Act was formed in 1998 (a consolidation of various other acts). At the time, it was a huge leap forward, but times have changed. It’s hard to think of a world without companies such as Google, Facebook and LinkedIn. These companies hold a huge amount of data (including personal data), yet none of them actually existed in 1998! It is estimated that less than 10% of UK households had access to the Internet in 1998 (personally I think this number is still quite high).
No matter what device we use to access the digital world, everyone leaves a digital footprint on a daily basis. It could be information that can track our movements, credit card details, date of birth, holiday arrangements – basically a vast amount of personally identifiable data. The risk posed by this personal information falling into the wrong hands is unthinkable.
Enter GDPR.
But how does GDPR differ from DPA?
Accountability
Accountability is something that all organisations will be looking at very closely. The new regulation states that all organisations must be able to demonstrate conformity to the rules.
Some of the ways in which you can demonstrate conformity include:
- Train staff on GDPR and good practices
- Conduct regular internal audits of any processes that include data activities
- Appoint a DPO (Data Protection Officer) (only mandatory if more than 250 employees)
- Adapt and design your management system based on the fundamental principles of data protection
- Stress-test your processes and procedures on a regular basis
- Be open, honest and transparent when dealing with any personal data