Data holding is no longer something an organisation can take lightly; it needs serious thought and processes put in place.
The General Data Protection Regulation (GDPR) is the process by which the European Parliament intends to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside of the EU.
The primary objectives of the GDPR are to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. It was adopted in April 2016 and applies from May 25, 2018, after a two-year transition period. Unlike a directive, it does not require any enabling legislation to be passed by national governments.
The Information Commissioner’s Office has already stated it will keep, or enhance, the GDPR position, even when the UK exits the EU, for any UK-centric breach. However, should a UK company wish to trade with the EU post-Brexit, then such companies must abide by the GDPR rules, so there is no escape!
I am constantly surprised at how few businesses are taking GDPR seriously. I can perhaps understand some of the ‘cavalier’ attitudes and the ‘it won’t happen to us’ positions, but it is the ‘we don’t hold personal data’ which is the most puzzling stance. We all hold personal data of some sort and even if we operate in a B2B world, how can we be sure that the mobile number on a person’s business card is not a personal one rather than a company-issued one?
Building management companies need to pay attention to GDPR as well. I suggest they need to reflect on where they store their gathered data. For example, most smart buildings have keyboards and screens to enter a person’s details when visiting a location. Often a visitor badge is printed out and presented to the visitor. But where is that visitor data held, is it secure, and who else has access to it? If GDPR is taken into consideration, how long will that data be held for, and in the event of a data disclosure request by a previous visitor, would that data be easily located and retrieved?