Does anyone know what is special about that date? Is it my birthday? No. Is it my wedding anniversary? Also no. In my opinion, this date has a far greater significance than either of those dates (plus, I’m not married, yet!).
This date has significance because it is the launch date for the single largest data privacy regulation since the beginning of data! It’s the enforceable launch date for the GDPR! Yes, I know that’s a HUGE statement to make, and I can hear you shouting “What about the Data Protection Act?” “What about all of the data protection regulations in all of the EU member states?” Well, the GDPR (General Data Protection Regulation) isn’t here to replace other regulations; it is here to strengthen and unify data protection for ALL individuals within the EU. (Officially it replaces Directive 95/46/EC of 1995, but that doesn’t roll off the tongue so well!)
“That’s ok, I work in the US, why should I care about some EU regulation?”
Well, it doesn’t matter where you are based: if your business has anything to do with any EU individual or business, then you’ll have to comply. It also addresses the export of personal data outside the EU.
“Why are you so excited? Is it actually cause for a party?”
I am genuinely excited. This regulation will positively change the way our data is manipulated, brokered and auctioned off throughout the world. For example, even before the online boom, how much junk mail did you receive through your letterbox? Where did it come from? How did they get your home address? It is positively scary that hundreds of businesses have your home address lying around in a database somewhere, in an Excel file on somebody’s desktop, or in that printed stack of paper outside the supervisor’s office. (Yes, it also applies to paper data!)
That’s not even beginning to consider how many businesses have your credit card number, your telephone number, email address or even your sexual preference!
I don’t want that.
I don’t want them to have my data lying around waiting for a criminal to take advantage of lax security to copy my details and clone my identity. The dark web is full of individuals selling personal data. It’s big business! I know GDPR isn’t going to solve all of these issues all at once, but if it makes just one business sit up and say that they will make every effort to secure their customer data to keep it safe from thieves, then for me that is an excellent start.
“I have a friend who is a qualified GDPR practitioner, I’ll be ok.”
No you don’t.
At the time of writing this (18/12/17), there are no official GDPR qualifications. Yet, when I google “GDPR Qualifications” there is an entire page of training courses and certifications. Sadly, it’s all a scam. Most of these sites tell delegates that they will be “awarded the ISO 17024-accredited EU GDPR Practitioner (EU GDPR P) qualification by IBITGQ”.
As impressive as that sounds, it means nothing. Effectively, it is an ISO 17024 qualification, including ‘aspects’ of the GDPR. Don’t get me wrong, a qualification in ISO 17024 is an excellent start to your certification journey, but it has nothing to do with the GDPR.
It’s the same on LinkedIn: it seems every man and his dog is a GDPR qualified practitioner, but unfortunately, they are not qualified officially.
“So what gives you the right to talk about this authoritatively?”
Well, the short answer is, I don’t. This article, and others I have written before, are all my own opinion, as honest as I can be about each subject. I have read through the regulation, I have noted the big important changes that will happen, and I have had intellectual discussions with my peers about it. GDPR is a discussion to be had. It’s not an IT problem, it’s not just a data security problem, it’s a business and process problem. I feel like it’s my duty to help and assist people who want to know the whats and whys of the GDPR; not everyone has the time to read and understand the entire regulation.
So exciting stuff, but actually cause to party?
Absolutely, I mean who needs an excuse to party? Seriously though, there are many benefits for the individual that people just don’t know about.
For example:
- Data protection officer – ensuring a single entity is responsible
- Right to erasure – Yes, as an individual, you have the right to contact companies and ask for your data to be deleted forever.
- Consent – You need to give your approval before anything happens with your data.
- No more convoluted, complicated tick boxes and sign-up agreements. Would you/Would you not like/not like to have your information used by Marketing/Not by Marketing, please tick or uncheck this box □. This practice will no longer be allowed. Instead, it has to be very clear.
- Breach notifications. The longer a business leaves it to report a breach, the heavier the penalty. (Are you listening, Equifax?)
So I hope you can see why I can’t wait for May 25th to come round. I’ll be keeping my glass topped up! Prost!