So what can I say about GDPR? Sadly for the Stripe team the term doesn’t stand for God Damn Public Relations, if it did we’d ace that.
What I’m talking about is the General Data Protection Regulation, not the most exhilarating topic perhaps, but please don’t stop reading, let me explain…
The regulation is a new law that will come into force across the EU (including the UK, we’re still in it for now) this May. The law makes it incumbent for businesses to safeguard all their staff, client and supplier private information; meaning that they have to be a lot more sensible about the personal information that they collect and store.
The UK’s existing data protection law was created back in 1998, the same year Geri left the Spice Girls, Titanic was top of the Box Office and two PhD students from California created a little-known search engine named Google. Needless to say, a lot has changed since then and the law relating to data badly needed updating for a new generation, one that communicates, shops, banks and does business online.
Almost every week the media reports on yet another company that has either fallen prey to hackers or has inadvertently shared customer information with a third party. This dissemination of personal information leads to an array of problems, ranging from nuisance phone calls (“Have you been mis-sold PPI?”) through to fraud and identity theft.
Last month the user database for popular app My Fitness Pal was hacked. I’ve intermittently used the app to chronicle my various failed attempts to shape up. As a result of the hack, I now know that my contact details and (even more terrifyingly) my weight could be in the hands of anyone. And this is small fry compared to other headlines – the patients whose NHS medical records were hacked; or the Grindr users whose HIV status was sold to a third-party marketing firm…Life is getting a little too Black Mirror, and that is exactly why we need GDPR.
Like most professions, in the comms industry we do, by trade, collect some personal data. In preparation for the upcoming law change, we’re implementing new and secure processes for managing data, emails and encouraging our clients to do the same. Our goal is to ensure all the data we keep on file is up-to-date, relevant to our business, and above all, stored safely.
The law sets a new standard for data protection and makes businesses accountable for how they control and process data. It will require changes in mind set and processes, but ultimately, the outcomes are positive; the law will help us ensure our privacy and reclaim a degree of autonomy in the digital age.
Three cheers for data protection.