Under the European General Data Protection Regulation (“GDPR”), for some organisations it is a mandatory requirement to have a Data Protection Officer (“DPO”), whether this is in-house or outsourced. However, mandatory or not, a DPO can still be beneficial to all firms who need guidance and support to ensure compliance with GDPR.
There is no denying that Apple have revolutionised the way in which we communicate across the globe. Since the production of its first iPhone, unveiled on the 9th January 2007, its sales have created a profit of over 3.7 billion, resulting in the organisation becoming the first public company worth more than 1 trillion dollars.
Little did Apple predict the worm around the corner…
One of the more misunderstood aspects of GDPR has to be how companies can process personal data. This is covered in Article 6 of the regulation and, even though there are 6 different scenarios allowing for the legal processing of personal data, the only one we are asked about on a regular basis is “Consent”. There is some justification for this, given that it is probably the most common lawful basis for most companies and the most transparent. That does not mean we should ignore or forget the rest. To shed some light on all 6 ways to legally process data, we set out each of the 6 justifications below, with a further description and an example of when that justification might be used.
My GDPR journey
When I first began my professional GDPR journey in 2014, I was working as an in-house B2B marketer. At that time, I began researching the draft legislation and was trying to figure out how it might later impact my everyday work in the marketing department. Of course, I was also doing it so I could advise the senior management team on what the expected changing legal responsibilities would be. Furthermore, it occurred to me that a data breach and any negative attention from it could undo months and years of hard work I’d put in to build the company’s brand and reputation. It was then that I suddenly felt a greater weight of responsibility and duty of care for the personal data I was tasked with handling.
TSB have had a disaster to deal with. Lots of press coverage and all for the wrong reasons. A major IT change that resulted in days of customer chaos. Disruption that lasted for over a week.
IT infrastructures are increasingly complicated, particularly in the large banks, but I think it is irresponsible of people to say they are held together with sticking plaster. However, the complexity does mean that implementing change requires strong discipline and management.
Here are some points to consider.