I went on a very detailed course yesterday with a very senior man who’s involved in helping with GDPR.
It’s more scary than I thought. Any business or subcontracted business (data owner or processor) will have to demonstrate data breaches, and data security, in 72 hours of an event or face the fines – we all knew that. But that also includes historic data and data management.
Any business – including STW for example – would have to remove all my data if I requested it, or face potential fines from government or legal approaches from me should I be refused or even mentally affected – stressed – by the outcome. Such is the untested and unmetered reach of the law around this, our expert demonstrated that in his words: “it’s equivalent to lawyers for you, they’ll be encouraging everyone to claim about everything – it’s the new PPI”.
As we went through the detail I saw the ramifications for business – any business where electronic data has been stored willingly or unwillingly is going to have huge administration problems. It’s also going to be illegal to collect data by default – no more “I agree that XXXX will send me email regarding offers from time to time” tick boxes defaulting to “ticked” – it becomes an illegal practice. In addition, this applies to any business globally who asks to store data about an individual or business within the UK or Europe. A US company with UK staff personnel records, for example, as it’s passed under international law. Finally, it also applies historically to legal challenge – if a former disgruntled employee fired 10 years ago decides to request data deletion, is denied and gets “stressed”, they can claim damages – holy cow.
He also reckoned the UK is 15 years behind most of Europe in data protection practice, and is already behind the required curve to even think about how to manage GDPR. He said it’s going to be a single point of failure for masses of business as individuals and lawyers realise they can make a fast buck, BUT that those cases could go on for years as the vocabulary starts to be legally interpreted and word by word the GDPR regulation is cross-examined.
Very scary stuff! Who is STW’s Data Governance officer anyway…? 😉