With the new personal data law – General Data Protection Regulation, or GDPR – kicking in less than a month from now, you would be forgiven for thinking that most people would have everything ready to comply. However, our recent research – conducted from January to March this year – has shown that 63% of people are unsure of the basic principles of GDPR, with 50% unsure why they need to be GDPR ready.
For those unsure – what is GDPR?
In simple terms, GDPR replaces the 1998 Data Protection Law and comes into play on 25 May 2018. It affects any organisation that deals with personal data.
GDPR sets out to protect both individuals and organisations against data breaches, ensuring that there are no vulnerabilities in an organisation’s information management that can be exploited by hackers or misused internally. The law will set a standard across the EU, taking into account the ever changing landscape of data and ways in which organisations safeguard that information. This is a good thing for everyone, as it means our laws reflect the digital world we now live in and keep us protected from data breaches.
What do you mean by personal data?
Personal data, or Personal Identifiable Information (PII), is being redefined to take into account the digital age and the masses of information regarding individuals now available to companies. PII is being broadened beyond email addresses and telephone numbers to information relating to identified or an identifiable natural person. Online identifiers such as IP address, cookies and RFID tags are also now included, meaning companies need to ensure that data is being protected across many levels.
What type of personal data is affected in education?
Educational organisations will, of course, be subject to GDPR compliance – the amount of personal data held on individuals is often extensive, covering everything from dates of birth to phone numbers and copies of official documents such as passports and visas. This information is generally regarded as highly sensitive, so it is crucial that it is managed in a secure manner that prevents any breaches; also, that it is easy to find and remove when appropriate.
Sounds like a lot of work to comply… are there any benefits?
Best practice records management, as required by GDPR, should be viewed positively – it can bring multiple benefits to organisations and their teams. For example, it can help with the delivery of a quality service and cost management, as well as improve efficiencies and eliminate staff frustration.
No more searching around for documents
We can all identify with the frustration of not being able to locate a paper document because it has been mis-filed or lost, and how this can delay a task and unnecessarily which impact other elements. The time we spend physically filing and locating documents means staff are often wasting work time on a basic administrative task; when records are securely digitised, employees will simply access multiple files using a basic search, saving time. This can include everything from contact details to scans of certificates.
Access from anywhere
Many educational units are now spread across different sites, or are in trusts with other schools, meaning sharing data and information is becoming increasingly important. Being able to securely do this from any location means staff no longer have to ask a colleague in another office to find and scan documents.
There have been a number of hackings and data breaches over the last few years, damaging companies’ reputations and leaving customers feeling vulnerable. We can all remember when the NHS fell victim to a cyber attack, and the impact that had on both the organisation and its patients. Safeguarding personal data is crucial in keeping everyone safe and the GDPR ensures that all companies are aligned in their practice. Compliant companies will be confident that they are protecting data appropriately and not breaking the law.
While it may take time to get everything in order ahead of GDPR, the benefits aren’t solely confined to avoiding financial penalties – they will actually help improve customer goodwill, reputation and innovation. That, and saving employees’ time, precisely knowing what personal data you hold on people, and improving processes.
I would urge all companies to start looking at improving personal data management now, and reap the benefits sooner rather than later.
Kristina Russell is UK Sales Manager at Kefron.