Christmas is almost upon us, and Santa is busy ensuring his elves finish making the presents that he will be delivering to boys and girls around the world. However, with this being the first festive period governed by the new General Data Protection Regulation (GDPR), there is an awful lot more for him to be thinking about this year.
Writing a ‘naughty and nice’ list might be the way that Santa has always managed his delivery schedule, but holding personal data of children – including their name, home address, gift preferences and defining characteristics – might get him in trouble.
This year, Santa will be making sure he asks permission from each child to capture and store their information. However, if the children want to get their presents from Santa, it’s likely they will all opt in (unless they know they have been naughty!).
Let’s hope that Santa has good risk management processes in place, or his data protection elf (DPE) will be busy fielding requests this Christmas.
He will also have a process in place for children and their parents to request a copy of what information is held on them. If you want to check Santa has your present choice right, or want to know if you are on the naughty or nice list, contact Santa’s DPE to find out - and if you’ve been naughty, then you just have enough time to change your fate.
It’s all very well having the right processes in place and good intentions, but if Santa’s staff don’t follow the rules, then his workshop will be in trouble. If one of those cheeky elves accidentally posts the naughty and nice list online, or if Rudolph clicks on a link in a scam email that gives hackers access to personal data, Santa could be subject to €20million of fines.
So, on top of the rigorous toy building schedule, and getting ready to pull Santa’s sleigh, the elves and reindeers will be taking part in some employee training to make sure they understand their responsibilities and how to keep your data safe.
Every business should make sure they have robust risk management processes in place to protect their data. Ventiv’s data governance module helps you stay compliant to GDPR by managing your data retention policy, deleting or anonymizing personal details, and documenting where your information has come from. Contact us to find out how your business can benefit from Ventiv’s data governance module.
Dec 14, 2018