The looming General Data Protection Regulation (GDPR) is meaning companies are thinking ethically about their approach to customer data, according to offshore law firm Carey Olsen partner, Mark Dunster.
Speaking after Carey Olsen's GDPR and e-Privacy conference in Guernsey earlier this week, Mr Dunster said GDPR, which comes into effect on Friday 25 May, was bringing about a much needed and deep seated behavioural change relating to the responsibility of data ownership and processing.
The primary focus of GDPR is to protect the personal data of citizens of the European Union (EU) wherever it is held, processed or transferred. While the Channel Islands stand outside the EU, the legislation affects all local companies undertaking business in the EU or profiling EU citizens.
The Data Protection (Bailiwick of Guernsey) Law, 2017, which reflects the new requirements of GDPR, comes into force the same day as GDPR comes into effect across all EU Member States.
Mr Dunster said: "If you want to have a successful business you need to have a business where people think they are treated fairly as a customer. GDPR is simply regulation catching up with that expectation. If you have an over-reliance on rules, you generate an industry trying to find a way around those rules and it leads to a moral bankruptcy. You need to stick to core values, which is what GDPR does. It might sound like a biblical reference, but other people's data should be treated in the same way as you would want them to treat your data."
Carey Olsen counsel Carly Parrott, who also spoke at the event, said HR departments would be under some of the most intense scrutiny following the introduction of GDPR and Guernsey's law when she spoke on the risks, opportunities and challenges of managing data protection and employees.
"HR departments are a goldmine of personal data, which in GDPR terms means they are a compliance landmine," said Ms Parrott.
"The human element of GDPR extends beyond the vast volume of often unstructured and informal personal data that organisations continually collect from a variety of sources and regularly process about their employees into the often catastrophic impact that an organisation's most valuable resource, its people, can have on the security of that data.
"Compliance with the data protection laws and, by extension, reducing the risk of security breaches demands a holistic approach to be adopted by organisations, led from the top and permeated throughout the whole organisation. This is because an educated workforce is an engaged workforce and an engaged workforce is much better equipped to navigate the landmine of GDPR compliance," Ms Parrott continued.
Other topics relating to GDPR covered at the event included measures that must be in place ahead of 25 May, the technological standards required to achieve and maintain GDPR compliance and reforms to the e-Privacy Directive.
The event at St Pierre Park Hotel was the second GDPR conference hosted by Carey Olsen in the Channel Islands since the beginning of May. The first event was held in Jersey on 1 May and was attended by 180 representatives of Jersey's business community.
Carey Olsen advises financial institutions, corporations and private clients on the laws of Bermuda, the British Virgin Islands, Cayman Islands, Guernsey and Jersey from a network of nine international offices.
|RATE THIS ARTICLE|
THIS WEEK'S TOP STORIES
PAM (Private Asset Managers) and its sister website PAMonline combine to provide "...the best guide available to the leading firms in private client fund management" (FINANCIAL TIMES). PAM compares managers on a level playing field by key data such as fees and charges, minimum investment thresholds and so on.