On 21 June 2017, The Queen confirmed the plans for the new data protection laws in her Speech at the State Opening of Parliament.
The proposed update to the Data Protection Act, dubbed the General Data Protection Regulation (GDPR), will give young people the right to demand that social networks delete any personal data they shared before they were 18 years old.
It intends to empower people to have more control over their personal data whilst still allowing the quick transfer of information between UK police and government and international partners.
But what do the new data protection laws mean for IT leaders?
Make data processing accessible: Under the new laws, users will no longer have to pay to obtain their data from organisations, subject to certain exemptions including repetitive or excessive requests.
IT leaders must anticipate more requests for data from customers, prospects, and employees past and present. What’s more, these requests must be responded to within 30 days. CIOs and IT leaders should provide staff with training on how to access and distribute data securely to take this burden off the IT department. This will ensure the requests are responded to quickly.
Establish new data breach processes: The new data protection act will require organisations to inform the contacts on their database whose details have been compromised. CIOs should have their security team collaborate with the marketing and PR departments to create standardised processes which keep contacts updated and reduce the likelihood of customers leaving the organisation.
Compliance requires teamwork: The IT team will be expected to manage changes related to GDPR, but compliance is actually the responsibility of all staff and stakeholders. If there is no data protection officer in place, CIOs must assign ownership to an experienced individual to oversee data governance processes. This individual will be responsible for ensuring that the staff who handle customer data are trained to manage it responsibly.
Bringing it all together
IT leaders must start to prepare their organisations for the major changes brought about by GDPR. Establishing processes for handling possible issues and training staff to manage data carefully and securely are tasks that must be carried out.