More than sixty business people attended a panel discussion on 14 November to find out more about the upcoming General Data Protection Regulation (GDPR), which is due to be enforced from May 2018.
Organised by Somerset Chamber of Commerce, the event was held at The Canalside in Bridgwater and was attended by businesses from across Somerset and further afield. The panel of speakers covered the topic from a range of perspectives including IT, legal, HR and data processing, providing useful information and practical tips to help businesses identify the key actions they need to take in order to be compliant with the new GDPR.
Introducing the event, Head of Chamber Services Alistair Tudor highlighted that GDPR will affect every business and the data it holds, changing the way in which we ask for, store, use and dispose of data. With fines of up to €20 million or 4% of turnover, whichever is greater, he emphasised the importance of ensuring that everyone within the business and its supply chain is fully compliant.
Durgan Cooper from IT service provider CETSAT focused on the data issues that come from outside an organisation, underlining that all businesses are vulnerable to external attacks. He highlighted that the focus of GDPR is around privacy and discussed the implications of a data breach, referencing some of the external cyber threats that businesses should be aware of. He outlined a number of steps and technical controls to help businesses implement GDPR and protect their data.
Amy Cooke from Rebecca Bevins HR Consultancy referenced the wide range of sensitive personal data held within businesses, from recruitment records and personnel files to medical and financial details. She stressed the importance of ensuring that all areas of the business are involved in preparing for GDPR and presented a list of key considerations, from auditing the personal data held to training staff and revising policies, processes and contracts.
Chris Coughlan from Ashfords provided a legal perspective, covering the data protection principles behind GDPR and the key changes from the existing legislation. He stressed that all areas of a business collect data so every department must be involved in auditing it and taking responsibility for it. He also talked about the EU ePrivacy Regulation, the principle of Consent and the resources available via the Information Commissioner’s Office website to provide information and advice for businesses on how to comply with the new law.
Garry Ford from data processing specialists Latcham Direct spoke about the issue of needing to send data outside the business to a third party in the supply chain. He highlighted the need to review contracts and processes with all data controllers and processors, including third parties, ensuring that all are GDPR compliant and follow the code of practice. He recommended that businesses start planning now and reviewing their systems, cleansing and refreshing their data to ensure that they are GDPR-ready.
Following the individual presentations, delegates posed questions to the panel covering a range of topics including how to go about auditing data, issues around historical data storage, liability insurance, social media implications, and planning for a potential data breach.
Overall the panel agreed that GDPR compliance needs buy-in from everyone in the business, from the board to trainees, becoming part of the organisational culture so that good data protection becomes a foundation of business practice.
Following the event, Somerset Chamber Chief Executive, Dale Edwards, said, “Today’s event certainly provided food for thought and addressed many of the questions posed and concerns raised by the businesses present. However, there are still plenty of questions to be answered, not least from the Information Commissioner’s Office and from the government as well in terms of the implications following Brexit.
“As businesses, we should see the new GDPR regulations as an opportunity to re-engineer the way we work, making our processes more productive and more efficient, and putting in place a better customer relationship strategy, whether those customers are other businesses or end consumers. By having a compliant and respectful approach to personal data, firms can demonstrate good business practice and ethical credentials, creating a positive platform to build and develop stronger relationships.”