Brexit or no Brexit, the regulations for data protection in the UK change on the 25th of May 2018. The Government has confirmed that the decision to leave the EU will not affect the introduction of the GDPR.
So, what is the GDPR and who does it apply to?
I could really bore you here, but in simple terms the GDPR is a new ‘one stop shop’ set of regulations governing the access and control of cross-border data, and it will replace the current legislation (the Data Protection Directive) of 1995. The aim is to create a consistent approach (Europe-wide at least) to managing and protecting people’s data. The rules will also govern how the data is transferred out of the EU. They apply to any organisations that control, retain or process personal information relating to any EU citizen in both the public and private sectors.
If you’re looking for some hefty bedtime reading or simply suffer from insomnia, I suggest having a good read through the Information Commissioner’s dedicated GDPR pages here: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
We work with organisations of all shapes and sizes, public and private, and many have expressed concerns that, as it stands, they don’t meet the regulatory guidelines from May 2018. What can they do? The first step has to be knowing where and what your data is and how it is transferred in, around and out of your organisation.
If you don’t know what or where your data is, how can you report on it? You can’t!
We conduct ‘Dark Data’ assessments for clients and often the results are staggering. Organisations back up a ridiculous amount of data unnecessarily, increasing storage, retention and recovery costs, and the volume of data being retained and backed up is increasing exponentially. We often hear ‘it’s easier to throw more storage at the problem than it is to address the problem’. This must change, and the GDPR may just be the catalyst for change.
If you are legally obliged to retain data for x years, you must be able to report on your data. If you don’t have appropriate retention/archive and delete policies you could be retaining data considerably longer than you are legally obliged to. OK, so what’s the big deal with that? Well, even if you are not legally obliged to retain the data, if you have it, you must be able to report on it.
Our relationship with VERITAS is key to identifying and understanding where and what your data is, creating information management solutions and helping you down the joyous road towards GDPR compliance.
VERITAS Data Insight:
https://www.veritas.com/product/information-governance/data-insight
Check out the Data Insight and GDPR pages at VERITAS and talk to us today about how we can help. The clock is ticking.
Steven Brown