There has been much said and, to be fair, complained about the GDPR data protection regulation, since its introduction last May. There has been criticism about the cost, the need, and the resource consumption within organisations being a business killer and most definitely a conversation stopper. What’s been forgotten is that the GDPR does not prevent data processing when done with respect for the data.
Accountability is a common principle for organisations across many disciplines; the principle embodies that organisations behave responsibly in the delivery of their products and their behaviour towards those with whom they interact. The General Data Protection Regulation integrates accountability as a principle which requires that organisations put in place appropriate technical and organisational measures and be able to demonstrate and prove both what they did and its effectiveness when requested. Organisations, and not Data Protection Authorities, must demonstrate that they are compliant with the law. Such measures include: Adequate documentation on what personal data is processed. How, for what purpose, and for how long, data will be processed for.
Documented processes and procedures aiming at tackling data protection issues at an early stage when building information systems or responding to a data breach. T
he presence of a Data Protection Officer (if required) who is integrated into organisation planning and operations etc. The GDPR places direct data processing obligations on businesses and organisations at an EU-wide level and it’s not going away. Website owners (which include most businesses) have to provide clear transparency to inform their visitors about the personal data they collect, how long it is kept, with whom they share the data and data subjects’ right of access and rights to delete, amend etc, including the right of portability. The information should be provided at the time of data collection, and made accessible on each webpage, in clear concise language.
We understand the challenges.