Our guest writer today is Phil Brown, fellow Rainmaker and Partner Member, Norfolk’s Data Protection Mardler.
Let’s be clear about one point, your personal data is yours and no-one else’s. The fact that many people may have it or that you have given it to a business in exchange for a service or that many authorities are in possession of it changes nothing. It’s yours and it’s valuable – the trouble it’s also valuable to others, especially those looking to make money, lawfully or otherwise, from having it.
You may feel as an individual that you have lost control, but all is not lost. Even if you’ve spent the last 20 years signing into the ‘information society’ you have ‘rights’ and these are enshrined in legislation and have been for some time. Furthermore, since the General Data Protection Regulation (GDPR) was enforced (in May 2018), those entrusted with our personal data have to be, by law, transparent and more accountable in the way they process it.
Embracing it is the only sensible option
To many small business owners, the arrival of the GDPR was a shock and an unwelcome overhead. That’s because for years they had been paying little or no attention to the relevant laws. Indeed, it may never have been an issue and was probably seen as something only better-resourced companies needed to worry about.
The consequence of all this is that when the law changed last year, the vast majority of businesses had a significant decision to make, either (1) embrace the requirements en masse, (2) throw the problem to the bottom of the ‘to do’ list and hope it never surfaces or (3) just pretend the GDPR never happened.
I am of the view that option 1 actually makes sense from a business point of view and that options 2 & 3 are, frankly, irresponsible. Data protection is about the prevention of abuse and misuse of the personal data that a business happens to process; your aim as a business owner should be to practice sustainable privacy management. If you do choose to review your personal data processes (a sort of data spring clean), the chances are that you will reduce your liabilities, optimise your procedures and enjoy increased customer confidence.
Understand the value of well-managed data and compliance with the law
The logic is this: If a business understands why its processing personal data and against which lawful basis, where it is being processed and stored, and for how long, it will be going a long way to appreciate the value of other people’s personal data and be aligned with the law. The less a business holds, the less there is to maintain and the less there is to lose.
There are plenty more reasons why this is the right approach but among them is that one day you, the business owner, will be asked some very detailed questions from the very people that keep you in business – your customers. This is when you might realise that the value of personal data, and its handling, is worth a lot more than you had ever imagined.