GDPR explained and should we love or loath it?

gdpr

In the past few months, the amount of literature on GDPR has been increasing rapidly. Discussing the topic internally or externally, people do not know whether it is good or bad for business, nor do they understand the ramifications of these changes. Here is my point of view. Forget whether it is good or not for your business, the bottom line is that it is good for the customers. If you are a customer centric business like mine then you will welcome it with open arms. Of course, there will be painful conversations ahead, and people must remain pragmatic and make these changes bit by bit rather than all at once. Therefore if you read this post, crack on with it as it will come into play on the 25th May 2018.

Background

Back in the day, around 1995, the Data Protection Directive 95/46/EC [DPD] was introduced. This legislation was the first of its kind at the time and it replaced some old school legislation that was out of date and allowed for all the new data legislation to be in one place. The legislation provided a detailed framework for data processing but now, 21 years later, the DPA has become significantly out of date!

Now, 21 years is a long time and you can do 7 undergraduate degrees within that time. So it is no wonder that within that period, the use of computers and the data this use creates has changed considerably, which, unfortunately, also means that the threat of cyber crime and subsequent data misuse has also increased.

Not only has technology changed immensely (and continues to do so), but the reliance on paper records has diminished. Funnily enough, floppy disks are no longer used (remember those!) and there are now a vast amount of storage options, as well as the mass use of social and professional media and the ongoing creation of Big Data, resulting in huge chasms in the 1995 legislation.

Some users have become somewhat paranoid and alert to the dangers of the growing risks and importance of data protection, being the savvy lot that they can be, however, the majority of everyday users (business or social) are still catching up to basic security measures.

A survey undertaken by the EU revealed that 74% of Europeans see disclosing personal information as an increasing part of modern life. But why are people giving away their personal information?

It seems that the most important reason to disclose this information is to access an online service. The most interesting result in this survey is the fact that 26% of social network users and 18% of online shoppers felt out of control of their own data.

What does the General Data Protection Regulation (GDPR) cover?

The legislation named the General Data Protection Regulation or GDPR, includes options such as the ‘right to be forgotten’, new rules on data transfers outside the EU, the implementation of data breach notification requirements and the introduction of much higher fines that are based on the percentage of a company’s annual turnover.

The ICO (Information Commissioner’s Office) explains that under the GDPR, the data protection principles set out the main responsibilities for organisations.

Click here for full access to the ICO website.

The principles are similar to those in the DPA, with added detail at certain points and a new accountability requirement. The most significant addition is the accountability principle. The GDPR requires you to show how you comply with the principles – for example by documenting the decisions you take about a processing activity.

Key principles of GDPR:

 

Coverage Scope

The GDPR covers all data controllers and data subjects based in the EU. It also applies to organizations based outside the EU that process the personal data of its residents.

According to the EC, the definition of personal data covers anything that points to their professional or personal life, including names, photos, emails IDs, bank details, social networking posts, medical information, or computer IP address.

There will be a Single Data Protection Authority (DPA) assigned to each company depending on where the company is located who will report to the European Data Protection Board. They must be appointed for all public authorities and companies processing more than 5000 data subjects within 12 months.

Accountability

Although previous data processing notice requirements remain intact, they must also specify the retention time for personal data and provide their contact information to customers. The Privacy by Design and Privacy by Default clauses in Article 23 mandate that data protection protocols must be integrated into the business development process itself. All privacy settings must be set to high by default.

Data Protection Impact Assessments (Article 33) have to be conducted when specific risks occur to the rights and freedoms of data subjects.

Proof of Consent

Article 7 and Article 8 specify that data controllers must possess a valid proof of consent for processing data and acquire special permissions for collecting the data of children under 13 from their legal guardians.

Instant Breach Alerts

Article 32 says that any case of data breach must be reported to the DPA by the controller within 72 hours of discovering the issue so that all parties involved can be warned about the situation and take precautionary measures.

Severe Sanctions

Instances of first unintentional cases of non-compliance will be doled out written warnings by the DPA. As a result, organisations will also be directed to conduct regular data protection audits. In case of graver offences, organisations may have to cough up a deadly fine up to 1,000,000 EUR or up to 2% of the annual worldwide turnover in case of an enterprise, whichever is greater (Article 79).

Right to Erasure

Article 17 empowers data subjects by giving them the right to request removal of personal data related to them on any one of a number of grounds, including cases where the fundamental rights of the data subject take precedence over the data controller’s interests and require protection.

Portability of Data

According to Article 15, users will also be allowed to request a copy of personal data being processed so that they have the freedom to transmit it to another processing system if needed.

On-premise private cloud solutions such as FileCloud help organisations to keep their data in servers within their firewall, while providing all the flexibility and access advantages of public cloud such as Dropbox. Additionally, FileCloud’s unique capabilities to comply with EU regulations, and features to monitor, prevent, and fix any data leakage across devices (Laptops, Desktops, Smartphones and Tablets).

What should you do if you want to transfer data now?

It has been advised that in this pre-GDPR time, that it is better to just avoid transferring data altogether, even though alternatives have been set out by the EU. A number of solutions have been made available to help with the problem of transfer, such as mobile e-discovery technology, predictive coding technology or e-discovery platforms and predictive coding, which can be used to ensure that relevant data is found quickly and deleted.

Transferring data across the pond looks to remain a complex legal process until the GDPR and Privacy Shield are fully confirmed and in place.

However, the legislations are not concrete and may still change, even after going live. Even more so in the light of Brexit, how will the UK adhere to the GDPR and its new shiny facets? Most people say that it won’t change but let’s wait for the Great Repeal Bill.

With the vast amount of alternatives that are available, it should not be difficult to find solutions to processing essential data during this time of uncertainty and it will hopefully be a progression for all internet/data/app users feeling secure that their data is secure!

Should you love it or loath it?

Love it, of course. As Anders Hilmansson puts it, there is quite a lot in it for you! If you comply with the GDPR adequately and effectively, you’ll have the possibility to achieve breakout performance compared to your competitors, owing to you having a competitive advantage. You’ll have what the Boston Consulting Group calls the “Trust Advantage” (MUST READ this paper): meaning that your consumers will entrust you with more data (compared to your competitors), which will lead to better online recommendations, more accurate targeting, faster development of new products and services, and several other benefits to you and your customers.

In light of the above – and taking into consideration that the value of Europe’s personal data is estimated to grow to nearly 1 trillion euros annually by 2020 – the GDPR isn’t a burden: it means business. (Even if most people currently preaching about the GDPR are keeping this a secret.)

Hope that clarifies it and helps put a bit of perspective

Benoit Mercier

Advertisements

Manchester United Stadium Tour

OT

It has been a while since I last visited a stadium, but my week off was always going to be a great opportunity. We went back home to Yorkshire. It was always in the back of my mind to go to Old Trafford but I had to be smart on how to deliver the news to my wife. An then the weather turned in my favour. After days of beautiful sunshine it started raining. 8am, woke up my wife, my kids, got dressed and got them all in the car. As we were driving my wife asked me where we were going. The question I had been waiting. My plan was either going to end badly for me or I was going to be the hero. I responded “you are going shopping to Trafford Centre while I am going with my son to Old Trafford. Her response…”great”. My cunning plan had worked to perfection.

11am, dropped my wife at Trafford Centre (with the plastic card…you have to make concessions in life!) and 15min later, we arrive at the most beautiful stadium in the World, Old Trafford

Manchester United Football Club

 

Manchester United Football Club is a professional football club based in Old Trafford, Greater Manchester, England, that competes in the Premier League, the top flight of English football. Nicknamed “the Red Devils”, the club was founded as Newton Heath LYR Football Club in 1878, changed its name to Manchester United in 1902 and moved to its current stadium, Old Trafford, in 1910.

Manchester United have won a record 20 League Titles, a joint-record 12 FA Cups, 5 League Cups and a record 21 FA Community Shields. The club has also won three European Cups, one UEFA Cup Winners’ Cup, one UEFA Super Cup, one Intercontinental Cup and one FIFA Club World Cup. In 1998–99, the club became the first in the history of English football to achieve the treble of the Premier League, the FA Cup and the UEFA Champions League.

The 1958 Munich air disaster claimed the lives of eight players. In 1968, under the management of Matt Busby, Manchester United became the first English football club to win the European Cup. Alex Ferguson won 38 trophies, including 13 Premier League titles, 5 FA Cups and 2 UEFA Champions Leagues, between 1986 and 2013, when he announced his retirement. José Mourinho is the club’s current manager, having been appointed on 27 May 2016.

Manchester United was the highest-earning football club in the world for 2015–16, with an annual revenue of €689 million, and the world’s third most valuable football club in 2015, valued at £1.98 billion. As of June 2015, it is the world’s most valuable football brand, estimated to be worth $1.2 billion. It is one of the most widely supported football teams in the world. After being floated on the London Stock Exchange in 1991, the club was purchased by Malcolm Glazer in May 2005 in a deal valuing the club at almost £800 million, after which the company was taken private again. In August 2012, Manchester United made an initial public offering on the New York Stock Exchange. The club holds several rivalries, most notably with Liverpool, Manchester City and Leeds United, and more recently with Arsenal.

Stadium history

 

Old Trafford is a football stadium in Old Trafford, Greater Manchester, England, and the home of Manchester United. With a capacity of 75,643, it is the largest club stadium of any football team in the United Kingdom, the third-largest stadium and the second-largest football stadium in the United Kingdom, and the eleventh-largest in Europe. It is about 0.5 miles (800 m) from Old Trafford Cricket Ground and the adjacent tram stop.

Nicknamed “The Theatre of Dreams” by Bobby Charlton, Old Trafford has been United’s home ground since 1910, although from 1941 to 1949 the club shared Maine Road with local rivals Manchester City as a result of Second World War bomb damage. Old Trafford underwent several expansions in the 1990s, and 2000s, including the addition of extra tiers to the North, West and East Stands, almost returning the stadium to its original capacity of 80,000. Future expansion is likely to involve the addition of a second tier to the South Stand, which would raise the capacity to around 95,000. The stadium’s record attendance was recorded in 1939, when 76,962 spectators watched the FA Cup semi-final between Wolverhampton Wanderers and Grimsby Town.

Construction

Before 1902, Manchester United were known as Newton Heath, during which time they first played their football matches at North Road and then Bank Street in Clayton. However, both grounds were blighted by wretched conditions, the pitches ranging from gravel to marsh, while Bank Street suffered from clouds of fumes from its neighbouring factories. Therefore, following the club’s rescue from near-bankruptcy and renaming, the new chairman John Henry Davies decided in 1909 that the Bank Street ground was not fit for a team that had recently won the First Division and FA Cup, so he donated funds for the construction of a new stadium. Not one to spend money frivolously, Davies scouted around Manchester for an appropriate site, before settling on a patch of land adjacent to the Bridgewater Canal, just off the north end of the Warwick Road in Old Trafford.

Designed by Scottish architect Archibald Leitch, who designed several other stadia, the ground was originally designed with a capacity of 100,000 spectators and featured seating in the south stand under cover, while the remaining three stands were left as terraces and uncovered. Including the purchase of the land, the construction of the stadium was originally to have cost £60,000 all told. However, as costs began to rise, to reach the intended capacity would have cost an extra £30,000 over the original estimate and, at the suggestion of club secretary J. J. Bentley, the capacity was reduced to approximately 80,000. Nevertheless, at a time when transfer fees were still around the £1,000 mark, the cost of construction only served to reinforce the club’s “Moneybags United” epithet, with which they had been tarred since Davies had taken over as chairman.

In May 1908, Archibald Leitch wrote to the Cheshire Lines Committee (CLC) – who had a rail depot adjacent to the proposed site for the football ground – in an attempt to persuade them to subsidise construction of the grandstand alongside the railway line. The subsidy would have come to the sum of £10,000, to be paid back at the rate of £2,000 per annum for five years or half of the gate receipts for the grandstand each year until the loan was repaid. However, despite guarantees for the loan coming from the club itself and two local breweries, both chaired by club chairman John Henry Davies, the Cheshire Lines Committee turned the proposal down. The CLC had planned to build a new station adjacent to the new stadium, with the promise of an anticipated £2,750 per annum in fares offsetting the £9,800 cost of building the station. The station – Trafford Park – was eventually built, but further down the line than originally planned. The CLC later constructed a modest station with one timber-built platform immediately adjacent to the stadium and this opened on 21 August 1935. It was initially named United Football Ground, but was renamed Old Trafford Football Ground in early 1936. It was served on match days only by a shuttle service of steam trains from Manchester Central railway station. It is currently known as Manchester United Football Ground.

Construction was carried out by Messrs Brameld and Smith of Manchester and development was completed in late 1909. The stadium hosted its inaugural game on 19 February 1910, with United playing host to Liverpool. However, the home side were unable to provide their fans with a win to mark the occasion, as Liverpool won 4–3. A journalist at the game reported the stadium as “the most handsomest [sic], the most spacious and the most remarkable arena I have ever seen. As a football ground it is unrivalled in the world, it is an honour to Manchester and the home of a team who can do wonders when they are so disposed”.

With every subsequent improvement made to the ground since the Second World War, the capacity steadily declined. By the 1980s, the capacity had dropped from the original 80,000 to approximately 60,000. The capacity dropped still further in 1990, when the Taylor Report recommended, and the government demanded that all First and Second Division stadia be converted to all-seaters. This meant that £3–5 million plans to replace the Stretford End with a brand new stand with an all-standing terrace at the front and a cantilever roof to link with the rest of the ground had to be drastically altered. This forced redevelopment, including the removal of the terraces at the front of the other three stands, not only increased the cost to around £10 million, but also reduced the capacity of Old Trafford to an all-time low of around 44,000. In addition, the club was told in 1992 that they would only receive £1.4 million of a possible £2 million from the Football Trust to be put towards work related to the Taylor Report

Old Trafford’s most recent expansion, which took place between July 2005 and May 2006, saw an increase of around 8,000 seats with the addition of second tiers to both the north-west and north-east quadrants of the ground. Part of the new seating was used for the first time on 26 March 2006, when an attendance of 69,070 became a new Premier League record. The record continued to be pushed upwards before reaching its current peak on 31 March 2007, when 76,098 spectators saw United beat Blackburn Rovers 4–1, meaning that just 114 seats (0.15% of the total capacity of 76,212) were left unoccupied. In 2009, a reorganisation of the seating in the stadium resulted in a reduction of the capacity by 255 to 75,957, meaning that the club’s home attendance record would stand at least until the next expansion.

 

The stadium Tour
Ok, as a United fan I have done the visit over 10 times easy in the last 15 years. This was the second time with my son (only 3 months old first time around). The first thing to know is that you must book your tickets in advance. They sell extremely rapidly so don’t risk it, book it. We parked at Old Trafford and made our way to the East Stand, where the entry of the stadium tour is. You collect your tickets at the reception and make your way to the third floor where the museum is. Of course, like any good business you have the ability to take a picture with the Carling cup and other trophies available (£20). You then make your way through the museum down to  first floor. There you await few minutes for everyone to gather (approx. 30 people). Your guide and security agent arrive and so does the stadium tour begins.
First you make your way to the North Stand where the guide tells you that United was the first stadium to offer corporate boxes. The cheapest cost £70k. Unfortunately the banner reminding City how long they had not won a trophy was not there anymore and that was the highlight of the tour many years ago. We then made our way to the East stand where the visiting fans are. The guide reminded everyone that United were the first one to make space for disable individuals and the first club to take them for away games (first away game was the champions League final in 1999). We make our way passed the police station (few jokes about scousers but can’t repeat them as too many friends there) towards the media room. I was really disappointed. Like at Leicester they do not let you sit down in the manager’s chair. This is new. I asked a French security guy later on and he said that it was down to security reasons. Garbage. it is down to economic reasons. The amount of tours within a day has been multiplied by 2. Starts every 10min. There are now 58 tours per day! At an average of 30 people per tour with each person spending a minimum of £20, it generates approx. £35k per day. A year, just over £12m revenue! Crazy right.
Now the best part of the man utd stadium tour. The home changing room is of average size, with a big mirror (nicknamed the Cristiano Ronaldo mirror as he spent 15min in front of it) and famous for Alex Ferguson for having kicked a shoe at David Beckham. I love the place. After all I played my last game there. Pogba is seating where I was, he is destined to be a great player :).
Finally, we make our way to the tunnel and onto the pitch (no time to stop taking a picture in front of the advertising board where players get interviewed in the tunnel (No way I am not going to do that, therefore I delay the tour by couple of seconds. Walking out of the tunnel reminds me of my last game, which of course I bore my son with the details.
The stadium tour finishes in the megastore (of course).
Overall, I was really really disappointed. I thought the quality of our guides was ok but if he had been given time, he would have been excellent (no explanation of the old tunnel or other anecdotes that I got when I first visited the ground). I am highly disappointed with that feeling of being rushed. Nonetheless, for people that visit it for the first time, it will still be a magical moment.
Official information regarding the stadium tour:

http://www.manutd.com/en/Visit-Old-Trafford/Museum-And-Stadium-Tour/Stadium-Tour.aspx

Cost: £18 adult £12 above 5 years old
Stadium architecture: 10/10
Stadium history: 10/10
Stadium Tour: 4/10
Overall mark: 8/10

Benoit Mercier