GDPR introduces an obligation on data controllers and processors to show how they are complying with the data protection principles. This includes the creation and maintenance of data processing registers. If not already in place, comprehensive governance measures should be put in place to minimise the risk of a breach and safeguard the protection of personal data.
Last Thursday (14th September) PwC hosted a roundtable which saw the firm bring together some of the North West’s leading businesses to discuss the implications of GDPR and what businesses need to consider before May 2018, when the new regulations will come into force.
The key findings that came out of the discussions were:
· It was recognised around the table that all organisations are at a different stage of maturity: some have stronger privacy operating models than others, or have their data documented already.
· The role of the Data Protection Officer is key to informing people on the boundaries of what they can and cannot do with data.
· Being fully prepared and knowing how you have to respond to the regulator, your customers and the market when/if a breach occurs.
· Having the correct level of resources available to deal with the expected increase in ‘subject access requests’ following the introduction of the new guidelines.
· Right to erasure – also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing. Tackling the balance between regulatory, legal and business need is not as straightforward as it appears.
· Drawing the line under data discovery when it comes to paper data.
One thing that all those present agreed on was that all businesses, large and small, should be assessing their interaction with personal data and how GDPR will impact them and the sector in which they operate.
Given the level of change that may be required, the deadline of May 2018 could arrive far sooner than anticipated, which could have serious implications for some.
Any businesses wishing to discuss GDPR and the impact it may have on them in more detail should contact:
Stephen Mills, PwC Director Data & Analytics North
Mobile: 07966 265 804
Gareth Neal, PwC Senior Manager Data & Analytics North
Mobile: 07711 589 155