Pragmatism governed the morning talks at GDPR summit in London, where listeners were given a stark reminder of how hard organisations need to work to improve their handling of consumer data.
In the Consent & Age-related Digital Rights theatre, Chira Rustici began with a bang:
“Data is regulated industry: get over it”.
The GDPR analyst and author then outlined how secure profiling and the safe handling of raw data sources are huge concerns for organisations aiming for GDPR compliance.
Further question marks were sketched over the big companies that say they’re in support of GDPR; that's all well and good, but what are the multinationals’ data handling specialists actually doing to meet the demands of the new legislation? More pressingly, do they and other businesses have the technology in place to back up the big talk?
The board also voiced a concern that, like the recession of 2007/08, the problem of data security may lie in a place that remains unexplored. The issue is highlighted by a worrying complacency coming from the major corporates: do some feel too big to fail when it comes to data security?
Careful strategies need to be implemented regarding compliance and, more pertinently, data consent among adults and children.
A culture of responsibility
Lisa Atkinson of the UK Information Commissioners Office said: “Reasonable efforts must be made to verify parental responsibility.”
Precisely what “reasonable efforts” constitute is a question that will continue to evolve as we move towards and through spring 2018.
Consent is not meant to be an easy option, but on the part of enterprise, businesses must start to put children’s rights at the heart of the data processing design.
“A data protection impact assessment is a good place to start,” Atkinson said.
Priority number one: “Turn off the data taps – we’re already flooded with data,” added Chiara Rustici, highlighting the need for businesses to just take it easy with the data harvesting and instead focus more on compliant handling of the information that is already held.
To get off on the right legislative footing, firms must consider the framework of GDPR; audit accountability is a key concern – think about being able to evidence how you deal with data responsibly. What systems do you have in place? What are your policies on confidentiality? What are your process checks?
These issues are of heightened urgency for companies with a client base that involves children.
Dr Rachel O’Connell shed philosophical light on the discussion’s conclusion, by defining GDPR and data protection as a social contract between businesses and end users.
The viewpoint emphasises the renewed responsibility that organisations should feel upon their shoulders.
It fosters an ideal climate for the emergence of disruptor companies that will invade markets, championing compliance and their respect for the relationship between business, parents and children.
When simply downloading a torch app allows a host company to glut itself on personal data, the individual is left cruelly in the dark regarding how much of their sensitive information risks being lit up like a Christmas tree.
And at what cost to both firm and family?
“The cavalier days of data are gone. We are all far cannier about personal data usage,” says Carol Tullo. It’s a cry that all businesses must heed.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
comments powered by Disqus