Can you describe what you see as the benefits to cultural organisations who comply with GDPR?
The main benefit to cultural organisations is going to be building trust between their customer base and the people that they work with, because GDPR has the accountability principle. The accountability principle means that organisations have to be able to evidence their compliance. It’s no longer good enough just to say that you are compliant. So it means that people will be able to people will be able to see your compliance.
For organisations, there is a requirement for them to be open and transparent about their data processing activities. So again, this builds trust and makes people more confident in how the organisation are working with their personal data. They know that it’s not going to be misused.
What is an example of misuse?
Going back to what was in the press about a year ago, at the beginning of 2016, when we fined quite a lot of charities and that was because they weren’t being open and honest in what they were doing with their personal data. They were sharing personal data but they hadn’t told people that they were going to do that. They were doing profiling but they hadn’t said that they were going to carry out profiling. So the information was being used in ways that people didn’t expect them to, and that was where it was a breach of the Data Protection Act.
Under GDPR, stuff like that would be a breach if the individuals don’t know that it’s happening. So as long as the organisations are telling people that they’re going to be sharing the data, who they’re going to be sharing it with, why they’re sharing it. If they’re going to be carrying out profiling, then telling them we’re going to profile you and this is why we’re doing it. That is what’s really important, and that again is what is going to be building the trust because people aren’t going to be surprised about what you’re doing with their data.
The main benefit of compliance
The main benefit that I can think of is about trust and building trust, and you get so many organisations that are doing a good job. People sometimes make the assumption that because they’re a small organisation and they’ve not got the loads of resources that big banks do to put into personal data, they sometimes think that they’re not as good at it. Whereas, under GDPR, because of the accountability principle, they’re going to be able to stand up and say “we are just as good, and here is our evidence, here is what we are doing, this is why you can trust us.”
Thanks to Alison Johnston and the ICO for taking the time to contribute to this video.
- Video production by Jack Perry, Culture Republic Marketing Assistant
- Interview by Ashley Smith Hammond, Culture Republic Content Producer
This Culture Republic video is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.