GDPR in a Nutshell

As the enforcement deadline of 25th May rapidly approaches, General Data Protection Regulation (GDPR) compliance is a hot topic at many organisations - especially the ones who have left it too late!
While Data Controllers and Data Protection Officers are racing against time to compose policies, run risk assessments and get the legal department to clarify 'legitimate interest', it might be helpful to look at what GDPR actually means from a consumer's point of view.

Here's our summary of what GDPR really means for a consumer:

- My personal data belongs to me, not you.

- If I give you permission, you can hold my data on your systems and process it in ways that we have agreed.

- If you want to do anything else with my data, I expect you to ask my permission.

- If you have collected my personal data from a source other than me, I expect you to tell me and ask for my permission to hold it and process it.

- I expect the personal data you hold to be accurate.

- I expect you to take measures to ensure my personal data is secure.

- If I ask you what personal data you are holding, I expect you to tell me.

- If I ask you to correct personal data that you are holding - or to delete it - I expect you to comply with my request.

Is it really that hard?

When you look at the intent of GDPR regulations, is there really anything that a well-run, ethical business would have a problem with?

If GDPR compliance means cleaning up your databases, reviewing how you use personal data, beefing up your security procedures and educating your staff about data privacy, how is that a bad thing?

Smart companies will use the GDPR compliance exercise as an opportunity to re-engage with their customers and will sell their data protection measures as a competitive advantage.

Data protection shouldn't be a burden for business, but rather a pre-requisite for doing business at all.
