Somerset County Gazette column – 21 September 2017
Dale Edwards, Chief Executive of Somerset Chamber of Commerce
The last decade has seen much debate about the power of big data, which has allowed businesses and organisations to offer more bespoke and targeted products and services tha
Whilst there are obvious benefits for both the business and the end user, it can also raise ethical questions. These do not relate only to rogue businesses, which are in the minority: many reputable charities and businesses have also been accused of distributing junk mail in recent years.
It therefore became clear that the regulations surrounding data needed to change and move with the times. This has been underway for some time now, with the introduction of the EU-driven General Data Protection Regulation (GDPR) replacing existing UK data protection regulations. Whilst technically already in place, this will become enforceable in May 2018, with significant fines of up to €20 million or 4% of global turnover, whichever is the greater.
You may recall the TalkTalk cyber-attack in October 2015, which resulted in a fine of £400,000 due to data access breaches. If this attack had happened once GDPR had become fully enforceable, it is likely this would have cost TalkTalk the maximum fine, which would have been disastrous from a financial perspective. Notwithstanding the significant financial penalties, reputation can also be severely damaged as customers demand greater protection of their personal data.
Whilst the rules are complex, businesses should not see GDPR as the new business prevention department, but an opportunity to review organisational culture and to manage data more effectively. I recognise that the impact on businesses large and small will be significant, but although we are leaving the EU, GDPR is here to stay. Policies, structures, security and compliance will all have to be reviewed and potentially changed, and will need to be adopted by all in the organisation, from CEO to apprentice.
Looking on the positive side, if businesses and organisations take the ‘sunny side up’ approach, the opportunity to demonstrate their strong ethical credentials to their customers, prospective customers and the wider community can create a positive way to build stronger relationships.
So generally speaking, what do businesses need to do? Overall you should know what data you have and why you have it, ensuring that your data is managed in a structured way. Take ownership of the management of that data, with a clear understanding that everyone in the business needs to be part of the process. And make sure your data is secure, by designing infrastructure to encrypt the data. Finally, be prepared for the unexpected and, if unsure, seek external advice.