The General Data Protection Regulations (GDPR) kicks in on May 25th, and promise to be one of the most comprehensive shake-ups of how data is handled in history. It’s not just European companies which will be affected: anyone hoping to do business with the European Union and Britain will have to ensure that they are up to scratch. That’s a big boon for customers, who will have access over who gets access to their personal information, but a massive wall for companies who have often played it fast and loose when it comes down to security.
Our Insight piece last month picked up that guides remained the top trending terms with regards to GDPR – so for this blog , we’ve come up with some of the best writing on GDPR – for companies and for customers – showing how businesses can stay within the lines.
A very clear piece, with some case studies of how companies affected by GDPR will have to change their business practices to stay compliant. It also includes an important section on how GDPR shifts the barriers on the right to be forgotten. Where it used to be the responsibility of data controllers to ensure data privacy, data processors (including big companies like Microsoft and Amazon who host data for other businesses) will now be on the spot to deal with the issue: a potentially Herculean task depending on how well their data is kept.
How the EU’s latest data privacy laws impact the UK’s online universe: Tips to prepare your website for GDPR – The Drum
A great step-by-step guide to how to GDPR-proof a website, with a breakdown of potential areas where sites can fall out of compliance. It’s simple, but makes clear how easy it is to fall foul of the new laws without firm preparation.
A worthwhile read for both users curious about their new rights, and companies who will have to ensure that they are met to avoid hefty fines. These include the right to access any data held on them by an organisation, the right to withdraw consent at any time during the data processing or collection period, and the right to judicial remedy against data controllers and processors.
Less of a guide than the other pieces but a good read nonetheless for those keen to understand how the information ecology is fundamentally shifting. It points to the increasingly high number of annual breaches affecting large companies – and the fact that the fines levied against them under GDPR will make storing so much data so poorly potentially cost-ineffective.
A handy piece for charities and small businesses looking to stay compliant, right from the horse’s mouth, including links to the ICO’s self-assessment page and other tools and guides to ensure that businesses don’t stray beyond the lines.
The GDPR present a challenge to existing norms, and businesses will have to step up to stay in check. But they also present an opportunity for ethical data processing, and a greater bulwark against the breaches which seem to plague the tech industry: a vital step, at a time when big tech stands on the brink of moving forwards or falling into the way of old monopolies.