Organisations in Europe and beyond are gearing up to become GDPR compliant, but many are doing so begrudgingly when in fact the exercise should be looked at in a positive light.
The GDPR provides organisations with an opportunity to develop a new philosophy about data governance. It’s a development that will protect your and my personal information from misuse and abuse.
Ownership to custodianship
For organisations dealing with clients, employees and suppliers – known collectively as data subjects in GDPR-speak – it means a fundamental change in philosophy regarding the personal and sensitive information they hold about them.
I like to think of the new regulation as data governance that gives organisations the opportunity to change from being owners – to custodians – of personal information.
Precepts of the GDPR
Some of the precepts of the GDPR philosophy are that:
- Data and personal information is a precious resource that needs to be taken care of rather than taken for granted.
- Personal and sensitive personal information belongs to the people whose information it is, not the holders of the information.
- Organisations can only use personal information with the permission of the people whose information it is.
- The granting of that permission is not a free for all, but for the purpose that an organisation’s privacy notice specifies.
- Personal information held by organisations must be disposed of when the legitimate purpose it was collected for has run its course.
Compliance as a competitive advantage
I know personally that I no longer wish to deal with organisations who abuse my information and ignore the rules of the regulation. More and more people will think this way as they become aware of the data abuses that are happening around them.
Personal data use needed a rethink. That rethink is the GDPR. It’s now time for organisations to look positively at the GDPR and its implementation.
Organisations who are GDPR compliant WILL have a competitive advantage over those who are not.