The Realities of Implementation
by Kam Kandola
A Bit of Historical Perspective
Back in 1998 we had the birth of Google in its current form. Many households didn’t have a personal connection. The internet itself existed largely for scientific and information-based companies and educational organisations to communicate. In fact HTML (HyperText Markup Language), the very language we still use on every web page, was created in its original form by Tim Berners-Lee for physicists at CERN to share technical papers with one another.
Today everyone not only has an internet connection on their personal as well as business computers, but we all also carry around smartphones. In reality almost every website visit, page view and button click is tracked and recorded. Companies like Google, with their free email, maps and video software, collect vast swathes of data about your personal interests and can make fairly accurate assumptions about things like your personal income. Should we all be allowed a say as to what information is stored about us? Should we have the right to view or amend this data?
Nowadays personal information is typically stored in databases by companies. This may be customer information. Note that staff information is also considered personal information. Information such as names, contact details, addresses, and financial and medical information is recorded. Networked computers serving these databases make it convenient for us to access this information when we need it. Sadly, the nature of cloud services, or of any terminal linked to the wide-area network we know as the internet, makes it accessible to hackers. Identity theft and scammers are rife and comprise the Yang to the internet’s Yin of convenience. As such we need to make sure this data is secure. This is not a “nice-to-have”. This is a business must.
Historically, legislation like the original Data Protection Act of 1998 (DPA) has held these ideals and provided rules to govern these rights. But as time has passed and technologies have changed, we have needed updates to make sure that organisations, large ones especially, do not misuse our data, share it without our permission or frivolously collect it with no purpose. Sadly the Data Protection Act that was, was found lacking…
For example, under the Data Protection Act of 1998, the maximum fine that could be levied on an organisation like Google was only five hundred thousand pounds. This may sound like a lot to you or me, but to a global organisation like Google this was only a drop in the ocean. Compare that with potential fines of twenty thousand euros for a technical breach and a gob-smacking forty thousand euros for blatant non-compliance with the principles of GDPR: this new legislation is not to be ignored.
Further to this, should two or four percent of the annual turnover, respectively, exceed these amounts, the Data Protection Authority is able to levy the higher amount as a total fine. This means that, no matter the size of the organisation, they are sufficiently motivated to take data protection seriously again.