With less than four months to go until the new data protection law comes into play, businesses are being urged to prepare fully, as the changes will be seismic – and as complex as a Vacheron Constantin timepiece.
The new General Data Protection Regulation (GDPR) is being introduced on 25 May 2018 designed to ensure that good data protection is the cornerstone of any business policy and practices. It affects all aspects of business processing and how data is handled. The risk for failing to comply is ‘damage to both public reputation and bank balance’, according to Information Commissioner Elizabeth Denham, who recently spoke to business leaders at a Wall Street Journal event.
Anticipating the changing GDPR environment, this month CAM is finalising its six-month compliance journey with a specialist legal firm. As the ‘controller’ of our own data and that of our hosted clients, it’s imperative that we are fully compliant. We introduced CAM Cloud some 18 months ago to provide a completely robust and reliable hosted solution offering total peace of mind to CAMEO users. The CAMEO system is hosted in our data centre, allowing operators to work without the hassle of maintaining their own server and backup.
The compliance process uses a dedicated GDPR tool that involves a series of questions that provide an easy view of whether a company is compliant or not and what needs to be implemented to address any issues.
From this month, CAM is in a position to provide this online tool to our customer base. Working through the questions is a simple process, removing many of the complexities around GDPR. As the tool is created and updated by specialist lawyers our customers can be confident the latest legislation will be included when the need for review arises. CAM can also support our customers with elements of this process via the purchase of hours through our TOTAL Care scheme.
We have also reviewed our core software to support our customers as ‘processors’ of data. In addition, we will be making amendments to marketing opt in / opt out flags within CAMEO, as under the new rules, customers must opt in while the opt out option becomes null and void. Therefore, the software releases in May will append the flags to fit in line with legislation and will also ensure the opt in data is carried over as per the ‘legitimate interest’ section of GDPR.
At the moment GDPR awareness and understanding appears still to be low among UK business, yet government has made it plain that no business is exempt, and Brexit is no excuse for tardy and ineffectual data protection. A small investment now to ensure a business’ data processing is legitimate will avoid a potentially large fine and more later on.
- Ryan Naughton, Operations Director