GDPR: The Woodbrook Way
You might have noticed your inbox filling up with requests from companies to establish your data relationship with them. This is the result of a new security directive that has changed the landscape of online privacy, given EU citizens’ rights, and companies who use their data an obligation to protect it.
Personal data just became a lot more personal.
Along with protection individuals can now access, erase and rectify any data referring to them. They also have right to object to direct marketing, profiling and processing of their data. For now, the improvements to individual safety have improved in online terms.
Woodbrook had put this concern as paramount even before the GDPR initials were etched into public consciousness.
‘Given that your financial data is the most private, and the most in need of protection, the Woodbrook Group has worked on ensuring both its procedure and its transparency is evident, is working and is ready for any evaluation,’ CEO Michael Doherty assures.
The new regulations will strengthen security and ensure transparency in how organisations acquire, hold and employ personal data. From May 25th, privacy legislation will be upgraded and refined to give citizens of the EU and EEA increased privacy and in turn putting any organisation or body that processes data instructions to:
- Document the processing in a standardised fashion across the territories;
- Ensure the lawfulness of processing and so document procedures around it;
- Provide information on security measures to ensure that processing agreements are met.
‘We understand both the importance of GDPR and the nature and implications of the directive. Our procedures fully comply with the directive and our clients’ confidentiality needs have always been paramount to us, even before it became a more stringent European guideline. We are fully compliant and engage with the complexities of the requirements because we know the essential reason is the safeguarding of client interest in a rapidly evolving digital marketplace,’ Woodbrook Group CEO Michael Doherty states.
So why is GDPR important? Apart from increased client confidentiality, the new directive is clear on what companies have to do to safeguard it. The Woodbrook Group, which has branches in the Middle East and Asia, has also noted that some financial services companies do not see the forthcoming change as relevant to them if they operate outside the EU.
‘The truth is the EU directive should be the same standard throughout the world. We are a global economy so data protection should be globalised also,’ Michael Doherty points out. ‘Also we have had a long lead time to prepare for May 25th. A two-year transition period has given organisations every chance. Woodbrook is prepared more than most because financial and legal companies have always had to ensure strong protections, and this will be borne out for all data processors and controllers in future.’
A new system of fines for breaching the new directive reflects the global need for increased online privacy and accountability. Organisations who breach the regulations may be fined either between 2% to 4% of their annual global turnover or up €20 million, whichever is higher. Frequent breaches will result in higher fines of up to €40 million.
‘While it is adding complexity and cost, the benefits of the GDPR are that it has created compliance requirements, which hold all organisations to full account. As a compliant group, we saw the benefits before the stories made headlines and they made headlines for a good reason,’ Michael Doherty elaborates.
Most clients, prior to the recent high profile media coverage of data breaches and trading to third parties, would have expected their data to be protected but not know exactly how this was achieved. The maelstrom created by Facebook and Cambridge Analytica made individuals more than interested, they became truly concerned. The Woodbrook Group has taken the key questions clients have come up with:
What will GDPR do and what does it replace?
It improves and standardises the way personal data is currently protected. The European Data Protection Directive was the previous legislation, but the rapid advances in technology have rendered previous protections obsolete. Even before the recent news stories around data sharing there was a compelling need to look at what needed to be done to bring in new and effective procedures around data protection and to make them run across the board, so individuals who were dealing with one firm didn’t end up having private information shared with the databases of others, without their knowledge or consent.
What is your ‘data self’?
Anything online that identifies you as you that is shared online – your location, interests, values and connections. Your IP address yields a lot when it is married with the sites you search and your affiliate leisure and business interests with an online presence.
Who does GDPR affect?
The GDPR applies to anyone who uses data – processing, holding, or transmitting – which is most companies in the EU or EEA and any company dealing with EU citizens – which is most companies globally.
How will the new regulation be overseen?
The national data protection authorities of each member state and those affiliated through the EEA.
What will occur in the UK after Brexit?
As has been pointed out, any organisation dealing with the data of an EU citizen must comply. The UK’s Data Protection Bill will ensure similar if not higher standards than the GDPR changes.
How will organizations be affected?
The uniformity has eliminated contradictory national data protection laws by demanding that anyone who has EU dealings complies with EU standards. GDPR has put data protection practices at the forefront of business agendas worldwide.