GDPR and you

摘要

There can't be anyone reading this who hasn't heard of the General Data Protection Regulation (GDPR) or who hasn't recently received a barrage of emails from suppliers asking for acceptance of their GDPR policies. Many of us have already reached the stage of just ticking acceptance boxes or ignoring or deleting those annoying emails.It is not because the principles of GDPR are unimportant or that suppliers and councils shouldn't take GDPR responsibilities seriously in order to meet the implementation deadline of 25 May. But we need to move beyond a focus on regulatory compliance towards a deeper understanding of data use and its protection.Nowhere is this more significant than in the public sector, where some of the most sensitive data is held, often for some of the most vulnerable people and with statutory retention periods lasting decades. Yet the public sector's track record in data management has not always been good.