Comment: Beware of GDPR misinformation
The implementation of GDPR, due in May 2018, will have an impact on a wide range of businesses and organisations. It will also affect the security sector, and as a result the industry has to be ready for the ramifications of the new regulation. Additionally, end users will be seeking clarification about how the new legislation may change the way they work, including with regard to security systems and data processing. Unfortunately, there seems to be an increase in misinformation from some who have a desire to promote their own interests.
For those installers and integrators who remember the scare-stories about the Millennium Bug, the doom-laden scenarios being trotted out about the implementation of GDPR may have some familiarity!
The two issues are obviously very different: one was pure sensationalism and the other is a very real piece of data protection legislation. However, what they have in common is delivering an opportunity for some to drum up hysteria to create a quick profit.
The Millenium Bug was always a bit farcical. Did anyone truly suspect that advanced machines which carried out complex and intense calculations would not be able to register that 2000 came after 1999? Did anyone really think the minds that created cutting-edge operating systems to run some of the most advanced programming ever produced simply forgot that 2 follows 1?
Of course, what made the Millennium Bug an issue for businesses was the sheer number of people making noise about the potential doomsday scenario. This in turn led to some businesses insisting that others they dealt with had a risk management plan for the so-called Bug. By exploiting an uncertainty they themselves had created, a lot of people made a lot of money.
GDPR differs from the Millennium Bug in that it is real, it is happening and it will change the data processing landscape. It focuses the level of protection on offer more towards the general public and forces businesses to better protect data, to ensure that processing is carried out correctly and to report breaches in a timely fashion. It also removes a number of ‘loopholes’ that allowed data controllers to maximise their use of data, no matter what reason it was provided for.
In certain countries which already have relatively strict data protection laws, GDPR simply tidies things up and imposes a stricter regime; one that has teeth! In other countries were the laws are more lax, it imposes a significant step forward. As such, many will argue that GDPR is a good thing.
It will impact on the security sector, but for those who approach security system design, implementation and configuration in a professional way, it won’t necessitate wholesale changes. It certainly won’t be the harbinger of doom, as some are suggesting.
Under GDPR, companies that breach the regulation can be fined a significant amount. That fact alone has seen a good few ‘experts’ jumping on the bandwagon and declaring that GDPR changes everything. It doesn’t. Well, to be fair, if a business is irresponsible with data, processes it unlawfully and ignores the rights of staff, customers or the general public, it may well change everything!
Benchmark has seen claims from some companies that infer security systems, and especially video surveillance, will breach GDPR unless you buy their services. Others have marketing materials carrying large quotes that give the impression of being from the legislation, when they’re not. They are spurious and misleading.
Benchmark has previously looked at the core issues surrounding GDPR and our industry. In the lead up to the implementation, this will be followed up with further information to ensure our readers understand the facts!