Digital data retention and GDPR for a business
2020 ushered in a new and difficult era for independent business, with everything from reduced revenue to increased business rates forcing many businesses to shut. For those that have survived, the post-Brexit landscape can be intimidating. The Times recently reported that even Amazon – the largest of multinational corporation – would be receiving a gigantic £630m GDPR fine in the UK, indicating the seriousness of the EU enforcing their data protection laws. With many of these laws being replicated or reflected in British law, businesses are scrambling to get on the right side of GDPR. The good news? There is a way.
Under GDPR, there are a range of data retention and storage imperatives that businesses must follow. GDPR and backup tapes, as well as documents, can seem like uneasy bedfellows. GDPR, after all, often punishes businesses for the improper collection and retention of data that is not relevant to their business operations. Despite this, bodies including the government provide consummate guidance on how to properly store data and how to stay on the right side of data protection regulations – GDPR included. Indeed, with the expansion of British privacy and data management laws, businesses will have a more secure base to tap into and ensure that they are staying on the right side of the divide.
British law expansion
In June, the Guardian reported that the UK would obtain “adequate” status as an information protector. What does this mean? Businesses within the UK can inherently be trusted to treat private information properly. The EU is happy to allow the free flow of information between its member states and businesses in the UK, and there is no need for extra tariffs or competency agreements. However, it is also noted that any change in UK law could lead to this status being revoked and, indeed, an unusual four-year term was placed on the agreement. This reflects a sense of mistrust in the EU, according to The Guardian, with respect to how UK businesses treat data.
With or without GDPR?
You can see how GDPR has been impacted by businesses trying to access certain US-based websites – due to the costs of compliance, many websites have preferred to simply block users from the EU or the UK from accessing their content, rather than risk fines. The Business Leader notes that, really, GDPR is necessary. Data protections within UK law were enshrined in 1995, long before the rise of mass data and social media and that they were not fit for purpose as a result. A new-age data sharing and protection amendment is something that businesses can use to help strengthen their position.
What does this mean for business owners today? The issues raised around GDPR and compliance are relevant but they need to be considered in the context of wider privacy issues. Getting a data house into order is time-consuming, but cost-effective, and gives due respect to the customers and their privacy.
The editorial unit