I was privileged to be invited to a Microsoft GDPR event in Brussels recently. At the last minute, I decided to take the train – the first time I’d used the Eurostar since it first opened in Christmas 1994 (now I feel old!).
With the ‘Best of Ella Fitzgerald’ as my companion, we left the station and started to build up a head of steam – a bit like ourselves, as we help more and more organisations prepare for the impending EU regulation…
A happy passenger
The event, like the journey, did not disappoint.
I came to the realisation that GDPR is not just a responsibility to secure and protect personal information, but something really exciting that will benefit citizens and business.
We’ve been focused on developing and delivering GDPR services to ensure businesses meet their compliance obligations, but we’ve paid less attention to the benefits of GDPR.
Personally, I would like organisations that hold or process my personal information to take more care of it; to only hold information that I am comfortable with; and to only share my information when they have my permission. I would also like more control – after all, it is mine. This is just good manners with personal information in a data-driven world…
The speakers at the event in Brussels helped me understand more about GDPR from a personal perspective – and kept it interesting (not always an easy task with data protection).
A clear track
The event run by Microsoft had many excellent speakers, including Enza Iannopollo from Forrester and John Frank, Microsoft Vice President EU Government Affairs and author of Microsoft’s EU Policy Blog.
Enza had a really good perspective based on her work at Forrester, experiences with data protection, and her time spent with customers. I particularly liked the analogy that we were taking part in a Copernican revolution.
That is a real change in thinking. Lots of organisations just don’t realise how relevant it is to them, and are failing to prepare and respond as a result. We were told only 30% of organisations felt they were ready.
The key pillars of GDPR are:
- Personal Privacy: we should have rights around our personal data; we can see what is being held; our permission is sought; and we should have the ability to correct errors or remove the data.
- Controls and Notification: organisations should do a good job of looking after personal data, with appropriate controls; notifications of breaches; by obtaining consent; and keeping records.
- Transparency: it should be clear when data is being collected; what it is intended for (including processing); there should be clear data retention and deletion policies; and again permission should be sought.
It applies to any company holding or processing personally identifiable information of European Citizens, even if that company exists outside of the EU.
A fixed track
Despite Brexit, UK companies (or any companies inside or outside of the EU) will need to comply if they have personal data for citizens based in the EU.
GDPR has been a long time in development, very much like the Channel Tunnel I passed through on the way to the conference. Quite a feat of construction – built on the shoulders of giants. The really exciting part will be the benefits provided after the launch.
GDPR builds on previous legislation, such as the Data Protection Act 1998. It follows well-thought-through principles, so we should feel confident that our personal information is being held and processed in a manner that we are comfortable with.
No stops on this journey
Don’t bury your head in the sand or think this is a one-off process. Don’t think that, come May 2018, we are done.
Like the train I took to Brussels, “this is a rolling start.” We have to be ready and moving, and then continue to work on and develop our approach and behaviour. We have to develop appropriate policies and controls, educate our employees and communicate with our customers.
Travelling at high speed…
So what were the best things about my trip to Brussels? Well, I’m even more excited about the benefits of GDPR, the train ride was excellent, and, wow, Moules et Frites and Beer…
Learn more about our GDPR Assessment Service. We can help you analyse your technical and procedural controls, and offer recommendations for remedial actions as you prepare for the EU regulation.