DPA and GDPR will soon mean a lot to businesses 

The General Data Protection Regulation (GDPR) replaces the Data Protection Act (DPA) in May 2018. It provides a new data protection framework to cover the collection, processing and protection of personal data on EU citizens and will have an impact on all business.

What will it mean for UK businesses?

Gone are the days when you needed to look up information in a telephone book to find contact details and business information – and hope that someone hadn’t torn out the very page you needed! Those were the days before the internet, before cloud, before the technology and digital transformation that is happening in every aspect of our personal and business lives, at just about every touchpoint where we interact with our world around us. With the amount of data generated from all our connected activities, and the mining of this data – people are found, whether intentional or not.

A high value is placed on data, information is gathered, and algorithms constructed – and all of this has proved very useful for businesses, especially small businesses who often rely on this for marketing and promoting their services.

One of our Network Group members, Urban Network, has recently published a blog on their website to address some quick key things you need to know about GDPR, and how it impacts on IT businesses, in particular. This information will be highly useful for our own Network Group members, but also for a wider business audience as it will have a big effect on how we approach new ways of reaching our customers, their buying habits and preferences. This also fits in with our group's Shapeshifting message, and the need to adjust, adapt, be flexible and open to new ways to stay ahead of the curve (more articles in our blog archives).

Here is an excerpt from Urban Network’s blog, and it is worth a full read here.

Why does the Data Protection Act (DPA) need to be replaced?

The DPA was implemented in the 1990’s when there was no social media or cloud computing. It does not reflect how we now live and do business; we need better ways to protect and use personal data.

Is this really just an IT issue?

No, but having robust IT systems will be essential to being compliant. The GDPR references the need for “…appropriate technical and organisational measures be taken” 10 times. You need to have processes and procedures in place to deal with issues such as removing personal data when it is no longer required, or someone has asked for their data to be removed, and data protection requirements are always considered when updating a process or system that uses personal data.

With regards to data mining, privacy is the issue that controlling body organisations are most concerned with. One of the questions they pose is whether it is ethical for a company to share its data with another company in order to better understand its customers, and principles of privacy.

We will certainly be bringing more of this to you in the months to come.

Contributor - Perry Ashby, Urban Network; Editor - Karin Dubois, Head of Marketing