Why privacy will soon be business of everybody

Technology and data have played a major part in the success of many of the companies in this year's Ward Hadaway Yorkshire Fastest 50, not least that of the overall fastest growing company, ESP Systex.
By The Newsroom
Published 22nd Mar 2016, 09:02 BST
Updated 23rd Mar 2016, 10:37 BST
Gareth YatesGareth Yates
Gareth Yates

A number of other businesses in this year’s rankings also use technology and data to improve or develop new products, to speed up and automate a range of different services or to explore new business markets.

The systems and processes for the collection, use and protection of individuals’ personal data within businesses are growing in importance year-on-year, whether this data concerns their employees or their customers.

Now enter The Yorkshire Post Excellence in Business Awards

Hide Ad
Hide Ad

However, major changes are on the horizon that are set to affect how companies exploit technology and data within their businesses.

The changes arise from the introduction of the General Data Protection Regulation (GDPR). This is new European Union legislation that will result in companies having to re-consider how data protection issues affect and are addressed within their businesses.

Getting the correct systems and processes in place requires an upfront investment from businesses, but it is an investment that is essential given the consequences if personal data is stolen or leaked – think of the fallout from events within the last 12 months such as the hackings of the Ashley Madison website or the TalkTalk customer database.

Additionally, the financial penalties applicable under the GDPR for breaches of data protection law would be dramatically higher than under the current regime, with fines running into millions of euros or based upon a percentage of a company’s worldwide turnover.

Hide Ad
Hide Ad

For those businesses where technology and data cross over, a significant change will come through the introduction of the concept of “privacy by design and by default”.

This concept will require businesses to implement data protection measures within the design of new products, services or other data processing activities rather than adding on such protections once the products/services/activities have been developed. Furthermore, businesses will be required to perform data protection impact assessments to identify privacy risks in new products/services/activities.

View The Yorkshire Post’s Fastest 50 supplement in full

In practice, this means that all businesses at the inception of a new project – for example, when building a new IT system for storing or accessing personal data; embarking on a data sharing initiative; or using data for new purposes – should consider conducting a privacy impact assessment to record that they have considered the data protection implications of the project and identified any privacy risks that may flow from it.

Whilst complying with these requirements will for most businesses require changes to the way they develop products/services and add additional time/costs at the start of projects, if introduced effectively the changes could benefit businesses by making products/services more effective for their customers and ultimately reduce future development costs (and avoid expensive fines!).

Hide Ad
Hide Ad

Whilst the new regime will not be fully in force until 2018, many businesses are already taking its implications into account when developing new and existing products/services so as to ensure they will be compliant when the law changes.

In a very real sense, privacy will soon be everyone’s business – and the situation will perhaps be further complicated if Britain leaves the EU following the referendum to be held later this year.

Related topics:European UnionTalkTalk