By William Bowes, Director of Policy & General Counsel
Data is an increasingly essential tool for all of us involved in the world of publishing. It helps us manage our people, maintain our rights, liaise with authors, get our products and services to the right place at the right time and also make the millions of financial, operational and commercial decisions required each day to run our organisations.
But whilst as publishing professionals we think of data as a professional tool, as individuals we think of it in much more personal terms. Who has my data? What are they doing with it? How long will they keep it for? What happens if I am a victim of hacking or unfair practices?
Legislators in the EU and UK have responded to the increasing utility of personal data and the risks that come with that by crafting a new law, the General Data Protection Regulation (GDPR). This will apply from May this year and relates to data we hold about people (as opposed to ISBNs, money etc…).
We have had strong data protection laws in the UK for twenty years now. These laws already require us to ensure that the data we hold about people is held on a fair, open and transparent basis. The new law builds on these principles with new provisions that reflect the changing nature of technology, business, and consumer behaviour.
It also comes with significantly increased fines for non-compliance. However, for most publishers, particularly SMEs, your risk is less likely to be the full wrath of the regulator, the Information Commissioner. Instead, you may suffer from editorial, operational or commercial blockages due to you not being able to use data because you did not collect it in a compliant way. Or perhaps you will face damage to a key author, employee or customer relationship because you have lost or accidentally leaked personal information about them. Or maybe your brand is tarnished by much wider association on social or mainstream media about a data hacking incident.
Taking stock and preparation
For all of these reasons, it is important to take stock of the data you hold, consider how you are processing it, whether it is held sufficiently securely and what you would do if something goes wrong.
At the Publishers Association, we want to help you prepare for this new and important piece of EU legislation, which the UK Government has made clear will apply irrespective of the outcome of Brexit. That is why, in addition to working closely with Government on the precise wording of the UK Data Protection Bill to ensure publisher concerns are heard and understood (for example on editorial uses of data), we have also worked closely with the data protection and publishing law specialists, Harbottle & Lewis LLP, to develop this practical compliance GDPR toolkit.
This step-by-step guide to reviewing where you stand today and preparing for where you need to be tomorrow has been developed with small publishers in mind. Several of the documents contained within it could be used to form part of an approach by larger publishers. Please keep in mind, though, that the larger and more complex your data handling operations, the greater your data protection obligations. If you are a large publisher and would like advice on your GDPR preparations, please do contact Alex Hardy at Harbottle & Lewis LLP for further advice.
We hope you find the information contained in this Toolkit useful and look forward to receiving your comments and feedback as May approaches.