Featured in JEP’s Cyber Security supplement – 16th May 2018
A:
This phase is stated many times within the data protection law and creates a lot of debate within organisations trying to understand how they need to operate in response to data subjects wanting to exercise their “rights and freedoms”. In simple terms it means that organisations need to ensure that they operate in a way that their data processing activities and data handling processes do not hinder or prevent data subjects from being able to go about their business in a lawful way.
Some practical examples might be for data subjects to be able to access medical care when they require it, having unhindered access to the money in their bank accounts, being able to complete a legal transaction or commercial contract without unnecessary interference, conducting their business in a private and confidential manner, being able to protect their children from unlawful, unwanted social media advertising, interactions.
One extraordinary example of this failure to respect and meet the “rights and freedoms” of data subjects is the current IT fiasco at TSB bank in the UK, where a project undertaken (against some expert IT advice) to migrate circa 1.3 billion transactions from one old IT system across into a new IT system (all in one go and in one weekend), failed spectacularly resulting in hundreds of thousands of TSB customers not being able to access their money! Holidays were lost, weddings ruined, employees were unpaid, some people sold their computers, laptops in order to get money for the family food shopping. When customers did get to the TSB online banking, they saw someone-else’s bank account details and balances!! This IT problem has continued for 2 weeks, cost the CEO £2m in lost bonus -should he keep his job?