By Stuart, May 24 2018 12:15PM
Many of you will have heard of “GDPR” – for those who have not, it is not a former East European country but a new approach to the thorny issue of data protection. Up to now the rules may have appeared somewhat cloudy and requests for information have often been met with a “computer says no” response. Well, things are changing.
In practice the new regime does not change things in relation to, for example, requests from outside parties for disclosure of a person’s data; if, for instance, someone out of the blue were to ‘phone a solicitor and ask for a client’s mobile number then s/he will continue to receive the same short shrift as before (we hope). Rather the new regulations are concerned with the rights of the “data subject” in terms of access to and control of the information held by an organisation and also in making requests for its deletion or destruction. The consequences of breaching the regulations are potentially severe – businesses could be fined of hundreds of thousands of pounds and in some cases, individuals may face prosecution.
The GDPR regime requires us as a firm to think carefully about how – and why - we retain information, how we store it, how we protect and safeguard it and ultimately how we dispose of it. From a business point of view there may be headaches but since we are all at the same time “data subjects” then perhaps we can adopt a more positive approach; after all, it could just as easily happen to us.
By Stuart McDonald