GDPR event was over subscribed.
Thanks to everyone who attended the GDPR seminar yesterday at the Doyle Club yesterday. The room was overbooked with over 40 people attending from all different business sectors. As this is a complicated subject, and there was only an hour to present it was literally a case of “rack em stack em” in order for all 3 speakers to get as much information imparted as much as possible.
The three amigos
Richard Mullett from “The Legal Partners” gave an overview of the regulatory framework of GDPR and what business’s need to be aware of to be compliant. This included the principles of
- Lawfulness, fairness and transparency: policies & notices
- Purpose limitation: explicit & legitimate purposes
- Data minimisation: “only collect what you really need”
- Storage limitation
- Integrity and confidentiality
- Accountability : demonstrate compliance.
They need to demonstrate compliance business will need to be able to demonstrate ongoing compliance And included the difference between rights and responsibilities of data controllers and data processors.
Malcolm Ford from IT enterprise Business Solutions gave examples of some of the pitfalls awaiting business owners particularly with complying with “subject access requests” and the potential for that to ties up business’s time and resources with needles admin.
• the shortcomings of using excel (can delete information but no proof),
• the complications of storing data in the cloud (how can I prove where my data is), and
• the benefits of multi-relational database (all information can be stored in one place the hid).
Ultimately this comes down to the core principle “Privacy by Design”. This means that it is not just software vendors who need to change, but whole organizations need to review what software solutions they currently use and whether they are fit for purpose in the light of the new legislation.
Jason Cobine finished up with some very good examples of what happens when companies don’t properly apply due diligence to their operations. The most memorable example of a cloud based solution for the insurance industry who had their main database on the ground floor, and the back up on the 3rd floor of the same building. Then the inevitable power outage that affected the whole block for 2 days with no access. Jason encouraged people to take their efforts towards compliance seriously as that ultimately affect what you can insure and for how much.
Questions came thick and fast in the areas affecting business:
• what compromises “consent”,
• the impact of social media, and
• what are the implication for future pipelines generated from existing CRM systems.
Not enough time for everything but the response from everyone there was that this was by far the most practical session on the topic, mainly because each of the speakers came from different disciplines.
Theres more where that came from.
With the event being over subscribed there was definite demand for a longer more in depth in session and a receipt of the session for those who could not get booked. This currently being discussed so watch this space.
See our Services and FAQ for more information.