The new General Data Protection Regulation (GDPR) is an opportunity for Northern Ireland organisations to gain a competitive advantage and should not be viewed only as a threat to business.
That was the message relayed to almost 250 business leaders at the Danske Bank Advantage GDPR business breakfast held this week in the Europa Hotel in Belfast.
There are now just 30 working days until the new legislation governing use of personal data by organisations and the rights that individuals can exercise in relation to their personal data takes effect on May 25.
Speaking at the event, Fedelma Good, director in PwC’s data protection strategy, law and compliance team, said the regulations create new challenges for organisations but can also be used to improve their reputation with customers.
“Don’t think about GDPR as a threat to your business. It is an opportunity for us as individuals to understand more about the data held about us, but it is also an opportunity for businesses to improve how they engage with customers,” she said.
“Trust, transparency and accountability are at the heart of GDPR. Properly used personal data can make a positive impact on our lives but only if people trust the organisations using that data. Trust is achieved through transparency.”
Ms Good noted that every adult in the UK has information held by approximately 100 organisations. Companies get into trouble when they forget the people who sit behind the data and why they have collected it.
“When you sign up to a gym at the start of the year you are giving over personal data because you think it will have a positive impact on your fitness. But if the gym sells that information to a company selling insurance or gym clothes and you start getting calls or emails you didn’t anticipate, your trust plummets,” she said.
“GDPR provides a good opportunity for organisations to ask whether they really need the data they collect. Do they need a person’s name and date of birth – which makes them easily identifiable – or could the person’s age band be enough? Can they anonymise what is collected and still derive value from that data?”
Dr Ken Macdonald, Head of ICO Regions, said that the regulator’s aim is to build a culture of data confidence in the UK. Its statistics show only 20 per cent of the UK public have trust in how their data is used and only 8 per cent have a good understanding of how it is being used by others.
Dr Macdonald said the ICO is pushing organisations to make sure they are on a journey towards compliance, not looking to punish them with fines.
“To reassure you, the new regulation is about evolution not revolution. If you have been complying with the current Data Protection Act and following good practice up to now you should be well on your way to complying with the new GDPR,” he said.
“The starting point is to conduct an information audit so you know what information you’re holding, where are you holding it, who is it about, how it’s being held, when was it collected, how long are you holding it for and, importantly, why are you holding it.”
“If you haven’t started an audit it will be difficult to be in a position where you are fully compliant by day one, but we would advise companies to get the process underway.”
Shaun McAnee, Managing Director of Corporate & Business Banking at Danske Bank, said: “GDPR is potentially a huge issue for businesses of all sizes in all sectors and I think the interest that our Danske Advantage event generated shows it is a topic that SMEs in particular are concerned about.
“It was invaluable therefore to have Ken and Fedelma share their expertise and advice on the immediate steps companies should be taking to avoid fines and potentially even gain a competitive advantage in their markets.”