To me, the GDPR is about transparency and opportunity.
The transparency and openness is inherent in accepting that, if you have data on someone, the data belongs to them, not you, so why shouldn’t they be able to access it? The idea of ownership of data – by the people, of the people – is the foundation of the GDPR.
The opportunity applies to everyone involved in the exchange of personal data. As an individual you have the opportunity to manage who knows what about you, setting your own bar for the quality of companies who can access your data, and the range of information each of them has on you. You can also improve the quality of that data, as companies are obliged to correct mistaken or out-of-date information.
As an organisation or other entity who controls personal data, aside from the housekeeping benefits of discarding unnecessary or outdated data, you can establish greater trust with your contacts through your evident transparency – why you collect the info you do, what benefit it brings to your contacts, and how you treat their data with respect. The GDPR makes a great ‘stick’ for data protection officers struggling to get their business case recognised in an organisation, but also if thoughtfully presented it’s a great ‘carrot’ for contributing to the bottom line.
My project in this blog – though I guess it’s more a structured CliffsNotes on the GDPR text – is to discuss each clause of the GDPR and relate it to practical situations and other legislation.