We all know GDPR is the biggest overhaul in regulations governing personal data for decades. And to be fair, it was about time. Too many unscrupulous organisations were riding roughshod over the Data Protection act, buying and selling people’s details, and bombarding people with untargeted marketing messages.
GDPR will bring data protection regulation in line with how we use and process data now. There’s a bit to get your head around, but once you do, GDPR is pretty straightforward. If you collect and process people’s data, you have to make sure their privacy is respected, and protected.
- who you are
- what you are going to do with their information; and
- who it will be shared with.
Before you put fingers to keyboard you need to work out:
- what information you hold that constitutes personal data;
- what you do with the personal data you process;
- what you actually need to carry out these processes – a privacy impact assessment can help you to answer this question;
- whether you are collecting the information you need;
- whether you are creating derived or inferred data about people, for example by profiling them; and
- whether you will be likely to do other things with it in the future – this can be particularly important if you are undertaking large scale analysis of data, as in big data analytics.
If you would like more information about GDPR, or would like Flourish to help make sure your organisation is ready, get in touch with General Manager Ian Reeves. We’d be happy to help you out.