By Brian Cowan
A full audience at the DW Stadium in Wigan for the Keytech GDPR seminar on Friday 10th November
This GDPR seminar featuring speakers from Keytech, Stephensons Solicitors LLP and Attain Digital attracted an audience of more than 50 business people from the North West. It was intended to stimulate discussion with the audience who played their part in making this an informative and productive session.
First to the stage was Stuart Crook from Stephensons, who built upon previous “What GDPR is” events, providing practical steps towards becoming GDPR ready. This looked at GDPR preparation from the Legal and Human Resources angles. GDPR is about the management and protection of Personal data and Stuart’s presentation provided an invaluable insight of what this means for organisations and individuals. Organisations must be able to justify the information that they hold on individuals and be able to provide this upon request.
This raised questions about the responsibility of organisations to deliver personal data reports within 30 days and the potential impact on businesses trying to meet these demands. Stuart concluded his session by outlining the services that Stephensons have established to support their customers through the GDPR implementation process.
Next up was Danny Parker of Attain Digital, a Wigan based digital marketing organisation. Danny addressed the need for organisations to document, understand and manage the personal information that they hold. He also explained how marketing will change with GDPR and described the “double opt-in” process that is essential to avoid contravening the rules.
The discussion that followed would have been worthy of a separate event in itself. It included:
Q: We don’t do email marketing so does it apply to us?
A: If you store names, email address or any other personal information about customers or staff it applies.
Q: Some of our information is on paper, not computers so does it apply?
A: If you store the information it applies to you, no matter what the medium. Added to this, leaving scraps of paper on desks with personal information written on them could result in a breach of GDPR rules.
Danny also discussed the need to assess where information is held, why it is there and how long it needs to be kept for.
Finally, Andy Pilkington of Keytech described ways in which data can be catalogued and protected from breaches. Knowing what and where the information is represents the first challenge and there are tools that can reduce the manual workload for the initial assessment and subsequent long-term management of data.
He also discussed one of the few methods of demonstrating Cyber awareness to customers, suppliers and the authorities in the event of a data breach, Cyber Essentials certification. This Government backed program allows organisations to demonstrate that they have prepared and implemented a plan for protecting personal data. As there is a simple certification process, an organisation can publish and present this ass proof of their commitment.
Andy also discussed the threat to business of a loss of IT services due to traditional faults and malicious intent through Ransomware, other malware or internal actions, whether accidental or deliberate. He concluded with a description of some of the products and services that can reduce or remove the threat to business computing.
The event concluded with an “Ask the Panel” session where all three speakers were on stage to respond to a very lively and well informed series of questions.
The highlight of these was founded on the ownership and responsibility for data compliance in a supply chain where a customer is referred on to other parties with their consent. As the panel provided answers, new scenarios were added by the audience to challenge them further.
The GDPR seminar was successful in that it answered many questions that the delegates needed to address. It also provided resources to help in the planning and implementation of GDPR. In contrast to other GDPR seminars, this did not attempt to scare the audience with the threats of fines and other repercussions. Instead it offered a path to GDPR readiness.
This is not just a UK thing, nor is it a piece of annoying Brussels bureaucracy. It is a major change to the way that the world handles and respects personal information. In the USA, Canada, China, Australia and other major trading nations there are changes being made to support GDPR compliance. With the uncertainties of Brexit in 2019 it is essential that UK businesses implement GDPR to ensure that as a nation, we are ready to work with the rest of the world. This GDPR seminar addressed a wide range of subject areas and was well received by the audience.