On Tuesday 6 March our members gathered in the library of the Royal Society of Chemistry for the first event of this year’s Business Insights breakfast series.
The March Business Insights event, ‘Countdown to GDPR, is your business ready?’, saw highly acclaimed media commentator Madeline Bennett chair a panel of GDPR experts – Julian Ward, Partner, Lee & Thompson LLP; Clare Blunt, COO and CFO, Hearst Magazines UK; and David Smith, Head of GDPR Technology, SAS UK & Ireland – to discuss the context surrounding the new GDPR legislation and what these imminent changes mean for member organisations and businesses.
GDPR and new data protection regulations will impact every business in Piccadilly, St James’s, Leicester Square and beyond. With the London Chamber of Commerce suggesting one in four London businesses aren’t ready for the change in legislation, the event provided an opportunity to explore the implications of GDPR and what practical measures organisations and businesses need to take before and after Friday 25 May 2018.
We will be sharing the results of the Live Audience Polling shortly.
Key takeaways and practical guidance:
GDPR is an evolution of current laws, not a revolution:
Businesses that already have a structured data collection and storage system in place should find they have less to worry about come 25 May.
Privacy by design:
All new technologies and systems should be developed with GDPR regulations and data at their heart.
Training and appointing a Data Protection Officer (DPO):
Organisations should take steps towards ensuring their staff understand the new regulations and consider appointing a DPO to take responsibility for compliance.
Document and demonstrate processes:
Ensure your business has clear processes for how you consider personal data and the way in which it is collected, handled, used and stored, to demonstrate good governance at every stage.
Businesses should always consider and comply with two of the key legal justifications for storing and using personal data: consent and ‘legitimate interest’.
Databases should not be more than 7 years old. Rationalise and reorganise databases to remove what is not legitimately required ahead of 25 May.
Understanding your data:
What data do you currently hold? How did you get it? How long are you keeping it for? Do you need it all? Ensure you understand the data you are collating and holding.
Understanding (and updating) how you store data:
Businesses should ensure they are securely holding and storing personal data and consider updating computer systems, software and employing security measures such as encryption.
Reputational risk should be considered a greater threat than potential fines. A loss of trust from consumers will directly impact a business’ reputation.
Transparency is key:
Businesses need to ensure they are open, honest and transparent with their customers about the data they are collecting and intentions for future usage.
Where relevant, organisations are required to seek re-permission from their customer base ahead of Friday 25 May.
Embrace the change:
The GDPR is an opportunity for refinement in how businesses use data and document their processes. Good governance can enhance your customer relationships.
The above list represents a number of the points raised at our Business Insights event on Tuesday 6 March. For legal guidance on GDPR and how Lee and Thompson LLP could assist your business, email Julianward@leeandthompson.com.