Don’t Let GDPR Drag You Down—Allow It To Help Your Business Flourish
Jun 30, 2022
At the 2021 Information Commissioner’s Office (ICO) Data Protection Practitioner’s Conference, Elizabeth Denham, former Information Commissioner, stated, “Data protection has moved from a back-office function to being a career that has a real impact on the world.”
John Edwards echoed this positive point as he began his new role as UK Information Commissioner in January 2022 when he said, “Privacy and data protection are not values and rules imposed upon an unwilling populace by some external force. They are not burdens to be shucked off. They are laws that represent deeply ingrained features of the UK culture and legal system.”
Privacy is a fundamental right and privilege, but often this can be overlooked by organisations who don’t prioritise it highly enough. Adhering to the guidelines of the General Data Protection Regulation (GDPR) is compulsory for regulatory data compliance, but also essential for ensuring that the public’s privacy is at the forefront of working practises in every facet of the business world. From public sector industries—such as the National Health Service (NHS), police, fire and rescue, local councils, and schools—to corporations in the private industry processing personal data for hundreds of different purposes, a strong data protection culture is vital for businesses to flourish. This demonstrates to customers that privacy is not an afterthought, and safeguarding their privacy is at the top of a business’ agenda.
Privacy awareness and the desire for its application is not new. George Orwell, famous for writing one of the most intrusion-driven books of the twentieth century, “Nineteen Eighty Four,” once wrote, “The most hateful of all names in an English ear is ‘Nosey Parker.’”
Culturally, Britain is seen as a nation of the “stiff upper lip.” From this quality of uncomplaining stoicism, along with a mindset of hiding feelings and emotions, comes the notion of inner-privacy embedded in the British psyche. This can be summed up with a quote from journalist Jeremy Paxman: “The importance of privacy informs the entire organisation of the country, from the assumptions on which laws are based, to the buildings in which the English live.” From castles and impenetrable fortresses throughout British history, it seems in 2022—with the large chunk of our lives recorded and stored on a smart phone—a more fitting proverb may be that an Englishman’s phone is his castle.
Perhaps that’s why, as a nation, Britain is ahead of other countries regarding its privacy awareness—yet it could be better. Take something simple like user password choices, for instance, and vigilance to privacy is still surprisingly weak. A recent survey by mobile security firm Lookout revealed the most hacked passwords include 123456, iloveyou, qwerty123, 1q2w3e, and 666666. This comes three years after the National Cyber Security Centre published an article on this topic, citing the most hacked passwords. Simple steps to make passwords harder to hack is a fundamental need that is still broadly lacking.
GDPR put more awareness and control into the hands of the customer—through enhanced data rights and the “opt out” rule, meaning that good privacy is seen as a selling point for organisations. This could be through clearer privacy policies, a privacy by design approach to new initiatives, and easier ways for customers to access data held about themselves.
With this in mind, privacy and GDPR should be a tool to drive positive change and insert the kind of privacy compliance into your organisation that will show your customers that you value their privacy as paramount, thus building ironclad trust. GDPR needn’t be a road-blocker to business practises—it should emphasise how to safely apply business practises to personal data, rather than a “don’t do” approach. With that in mind, the ICO is a lot less reluctant to enforce fines and actions.
Pre-2018 and GDPR, typical businesses gave little thought to their data protection compliance. Fast forward four years, and strong GDPR compliance can be a competitive advantage that enables safe innovation, and not just for huge global organisations. Many small charities, parish councils, start-up businesses, and talent agencies have all stepped up and shown that thorough data protection compliance ensures customer relations and trust. By prioritising data protection, organisations not only dramatically reduce their risks of compliance fines, but they can build better relationships with partners and customers.
CTG can provide your business, no matter how large or small, with the right framework, support, and compliance necessary to ensure the privacy of your customers is at the forefront of business practises and decisions. Get in touch with us today to discuss your GDPR needs—whether you need help with privacy policies, data breach management, or a simple GDPR assessment, let’s move forward together to make your organisation a champion of GDPR compliance.
Explore our comprehensive suite of GDPR Compliance Solutions to learn more about how we can support your organization wherever it may be in its data protection journey.
Data Privacy Consultant
Andy is a Data Privacy Consultant with more than 10 years’ experience in Data Protection, GDPR, Freedom of Information, and Law Enforcement Processing. He worked for the police for over 16 years and is interested in how privacy and information security applies to all walks of life—both business and personal. He has a certified practitioner’s qualification in Data Protection and GDPR.