Only the EU could make data protection a hot topic of conversation. Its GDPR (General Data Protection Regulation) legislation comes into force in one month’s time, after which businesses will be liable for massive fines if they fail to comply.
You’d think, from the relentless barrage of advice from consultants over the last year, that we’d all be fully prepared by now, but apparently not. A January survey of 1,000 senior executives across Europe found that 60% were unprepared for GDPR. In February, the Federation of Small Business (FSB) determined that 34% of small firms had only little understanding of the legislation, and 18% weren’t even aware of it.
The basic principles are quite easy to get your head around: you can only use personal data for the explicit purpose for which it was collected, then you have to delete it; people have the right to be informed about the data you have on them, and the right to make you delete it.