All articles

Hurray for GDPR day!

June 29, 2018

Hurray for GDPR day!

Over the past couple months, you’ve probably received a bunch of very samey emails.They’ll have come from all sorts of businesses — some of which you may have no recollection of ever even using! Each one of them was sent due to the new General Data Protection Regulation (GDPR), designed to protect people’s privacy.

“The regulation is very positive and rightly shifts the power around personal data from the company to the customer,” stated Morgan Sowden, CTO of Octopus Group. “GDPR lets consumers opt in to all newsletters and provides individuals within the EU the means to delete personal data collected by online enterprises.”

According to the European Commission, personal data means any information relating to an individual, whether it’s in their private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer's IP address. The regulation places control over this information squarely in the user’s hands, and stipulates that businesses must report any data breaches within 72 hours if they have an adverse effect on user privacy.

“Octopus has to abide by these same GDPR rules, treating customer information with utmost privacy,” explained Morgan. “It’s pioneering legislation that is welcome in a world where data makes the world go round.”

Accomplishing [GDPR] compliance at Octopus was a big task. “It has been a massive effort,” admitted Debra Duggan, Head of Data. “There were so many moving parts — steps to get policies in place, processes to support those policies, educating the business…And then [additional measures] to reach paper-based and technology compliance. All the while, the business was still operating as usual.”

Despite the intense effort to meet the GDPR deadline, the new regulatory environment is wholly embraced by Octopus, as it corresponds with Octopus’s own values of transparency and consumer empowerment. And it reasserts Octopus’s commitment to stringent privacy protection.

“I think GDPR is fantastic,” stated Debra. “It’s been a big motivator in helping people understand their data and the scale of data that is collected. As a project, I am relieved that it went as well as it did. But I also realise it is now an ongoing process and a way of thinking. Each person has to give extra thought in what data they are collecting and how they will remain GDPR compliant.”