By Mark Blackwell, lending and surveying services director at eTech Solutions
This article was published in Mortgage Finance Gazette, Nov 2017, pg 19
New EU General Data Protection Regulations (GDPR) come into force on 25 May next year, replacing the 1995 Data Protection Act (DPA); and introducing key changes for businesses who deal with customer or employee data. For those who’d been seeing Brexit as a get out of jail free card in this regard, the government has confirmed that the regulations will still apply to the UK, so it’s time to prepare.
The new regulations have been designed to ensure EU citizens are protected from privacy and data breaches and aim to reflect the massively increased role data now plays in all our lives. Nowhere is this more apparent than in the world of property risk management where data and technology are now vital for lenders and surveyors. The information economy has changed beyond recognition since the 1995 DPA, and the GDPR responds to today’s landscape of value-enhanced data and its prevalence online.
So, what’s changing?
To start with, the definition of personal data is broadening, encompassing anything that could be used to identify an individual. Organisations should consider the type of data they’re processing and organise an information audit if necessary, to identify what personal data they hold.
In the case of data breaches such as the loss of personally identifying information, organisations will be obliged to inform the Information Commissioner’s Office (ICO) within 72 hours, as well as any data subjects affected.
Organisations involved in regular and systematic monitoring of data subjects on a large scale must designate a data protection officer; but appointing someone to take on responsibility for data protection compliance is a good idea anyway, regardless of any regulatory imperative.
Data breaches can cost companies dearly in terms of reputational damage, and with financial penalties of up to €20 million or 4% of global annual turnover (whichever is greater) preparations for 25 May should be a priority.
The ICO has prepared a handy 12 step guide to preparations which is a useful reference for anyone not sure where to start.Back to news