Data protection, like much in the background of our lives, is a topic that tends to receive attention when things go wrong.
However, the EU’s General Data Protection Regulation (GDPR) is now putting the subject on the radar of organisations by demanding greater transparency from handlers of personal data, boosting the rights of individuals over their information, and raising the fines that can be levied for negligence or mishandling of data.
It is a development that many of us might welcome in our personal capacities, but the changes can feel intimidating for those tasked with getting their organisations in line with the requirements by 25 May 2018.
As such, a new ICSA guidance note has been written to assist organisations. The guidance summarises the requirements of the new regime, as well as providing more detailed support in checklist-style boxes for those closer to the detail of implementation.
Crucially, the guidance also flags the pivotal role company secretaries can play in supporting the oversight of data protection by boards and other senior decision-makers.
The guidance breaks down the legislation into three key topics: data basics, dealing with individuals, and governance and risk management. Our goal is to ensure readers understand the changes that are taking place, and are equipped to participate in the discussions and practical action required as a result.
To that end, the guidance has been produced with the input of a working group comprising ICSA members and the law firm Baker McKenzie, ensuring the topic is covered from both a legal and governance perspective.
Regulatory change forces organisations to change how they work, but it would be a shame if GDPR were viewed as just another compliance burden.
Organisations of all shapes and sizes need to be ready to meet the requirements of GDPR. The ICSA guidance note is a tool to help achieve this in practical terms.
However, in getting to grips with the challenge of GDPR, organisations also have a chance to benefit from improved relationships with individuals – whether current or potential customers, employees, service users or other types of stakeholders.
Those organisations that succeed in creating the overall culture of data protection, transparency and accountability that the regulation aims at will be more likely to be perceived as trustworthy by the public.
And, in the current climate, public trust is a prize worth winning.
Liz Bradley is policy manager, corporate, at ICSA: The Governance Institute