Marie Murphy
Sometimes I wonder whether the complex and high profile data protection cases that go through the European Court of Justice do more harm than good in advancing the adoption of good data protection practice. These cases are complex and inaccessible to most of us. They are argued by highly trained legal teams. The judgements are technical and written in torturous language that is difficult to understand. (Try putting an extract of a recent legal judgement through a readability engine, the results are very funny!). These cases can be important to challenge ambiguities in the law. They often highlight holes in legislation that the unscrupulous exploit (or carelessly ignore) at the expense of the vulnerable in our society. They raise genuine challenges to civil liberties. But they also send the message that data protection is complex, that its technical, that it’s something that requires teams of lawyers and long unreadable legal agreements to be presented to the end users.
It’s not a good message. It scares businesses into thinking that data protection is expensive and out of their reach. Companies don’t know how to deal with data protection and as a result, they ignore it. This is in nobody’s best interests. Businesses are taking risks of complaints, audits and fines. They are risking their business reputation and loss of customer trust. They are collecting data but not putting in place simple policies to handle that data in a trustworthy manner. With GDPR fast approaching they are taking very significant risks as headline-grabbing fines are introduced and data protection authorities are given more powers to pursue offences. It does not have to be this way. In most companies, it is relatively straightforward to ensure that good data protection standards are observed. It is a matter of knowing what data you handle and getting simple, safe practices in place to ensure it is handled correctly. Data protection only really becomes complex for very large businesses who handle large volumes of customer data. Its complex for Google and for Facebook because their businesses are data-centric. Its complicated for banks and insurance companies because they are regulated industries and handle sensitive financial information. Large healthcare providers find it complex because they handle sensitive health information. Cloud service providers find data protection complicated because they store large volumes of data at multiple locations across the globe.
It’s not complex for most businesses. Most of the time it comes down to two critical steps – staff awareness and common sense. It’s not going to cost a fortune for most small and medium companies – in fact, SMEs are explicitly excluded from many of the more onerous requirements of the new European Regulation (GDPR). For most companies, data protection is as simple as “Three S” – Simple, Secure and Staff.
Keeping these in mind will help you to manage the costs of handling and protecting personal data. It will ensure that data protection in your company is as simple as possible!
Sign-up to receive news and information from Fort Privacy
Fort Privacy processes your personal data in order to respond to your query and provide you with information about our products and services. Please see our Data Protection Statement for further information
As a technologist, I am both excited and appalled at the developments in AI and it seems from various surveys that I am not alone. My greatest wish is that we can harness its power for good while dampening its power for misuse. It is early days yet – let’s hope this wish comes true!
Everyone loves a quiz so we decided we would kick-off the new year with a bit of tongue-in-cheek fun.
Continuing the tradition of the Fort Privacy Christmas blog this year we are thinking about Santa and AI. Well, we need to keep these articles topical after all!
