New EU data laws: 3 practical tips to avoid hefty fines

Jul 20, 2017 | Regulation

Experian is announcing its “3 ‘I’s guide” to help businesses prepare for GDPR, with some practical steps to help avoid fines when the consumer data protection laws come in place om 25th May 2018. GDPR is a new EU regulation governing how organisations should handle and protect our personal data. Firms need to keep records of […]

Experian is announcing its “3 ‘I’s guide” to help businesses prepare for GDPR, with some practical steps to help avoid fines when the consumer data protection laws come in place om 25th May 2018.
gdpr-new.jpg


GDPR is a new EU regulation governing how organisations should handle and protect our personal data. Firms need to keep records of all personal data, be able to prove that consent was given, show where the data’s going, what it’s being used for, and how it’s being protected.
 
To date the conversation around GDPR has been dominated by the risk of fines to businesses. It’s a concern because the sums involved are potentially huge and 25% of businesses have not made any preparations at all according to Experian’s own research
 
Yet the changing regulation should be seen as a significant opportunity for business to put customers at the heart of their business strategy
Presently, 72% of companies acknowledge that data quality issues had affected trust and perception by their customers
GDPR gives businesses a chance to take stock and improve practices when it comes to data
The Experian 3 ‘I’s guide cuts through the scaremongering and offers practical advice on the steps businesses of all sizes should be taking to prepare
“At Experian, we believe that organisations have a responsibility to build trust with consumers by demonstrating their integrity through better data stewardship, transparency and accuracy. Building that trust will, in turn, deliver better business outcomes,” Charles Butterworth, MD, UKI & EMEA, Experian.
Rebecca Hennessy, Director of Market Strategy, Experian Data Quality UK, Experian, said: “If they’ve not already, it is imperative that businesses start to think about their implementation requirements immediately. It’s not good enough to feel ‘fairly confident’ that the data held is being used in the interests of the customer. It’s a requirement that new levels of scrutiny are applied here, and the customer’s perspective is the be-all and end-all guide to whether you are getting it right. With this in mind, we’ve created this three step process for organisations to work through in order to help firms navigate – and potentially thrive – in the new regulatory environment.

  1. Investigate: Make sure that the personal data is accurate and that the collection, storage, use and erasure of that data follow a ‘privacy by design’ approach to systems engineering, which takes privacy into account from inception and throughout the whole process.
  2. Improve: Organisations need to ensure they are always meeting the rights of the data subject, holding accurate data and improving practices such as data portability and subject access requests, guaranteeing that the consumer’s right to rectify, object and have their data deleted is straightforward to arrange.
  3. Integrate: Businesses need to absorb new models of best practice into their data strategy and, ideally, integrate it into the culture of the organisation.

 
For the full guide, please see Experian’s whitepaper: “Defining a Data Powered Future”